VIVA LA NWO VIVA LA NWO - 1 year ago 103
PHP Question

Quick and easy flood protection?

I have a site where a user submits a message using AJAX to a file called

. In this file the users message is submitted to a database and it then sends a link back to the user. In my Javascript code I disabled the text box the user types into when they submit the AJAX request.

The only problem is, a malicious user can just constantly send POST requests to
and flood my database. So I would like to implement simple flood protection.

I don't really want the hassle of another database table logging users IPs and such... as if they are flooding my site there will be a lot of database read/writes slowing it down. I thought about using sessions, like have a session that contains a timestamp that gets checked every time they send data to
, and if the current time is before the timestamp let them add data to the database, otherwise send out an error and block them. If they are allowed to enter something into the database, update their session with a new timestamp.

What do you think? Would this be the best way to go about it or are there easier alternatives?

Thanks for any help. :)

Answer Source

Use a token. You generate the token and add it to the page originating the request. In like.php you verify that the request contains a valid token, which means it comes from your page instead of an external one POSTing directly.