I have a form that allows users to paste input, like on StackOverflow. But if users know the format I send to the server, they can keep sending requests to me. How can I ensure it is a real user sending a request instead of some kind of machine attack to insert information?
- Can't you use a captcha to require human interaction? http://en.wikipedia.org/wiki/CAPTCHA – Johnie Karr Aug 27 '11 at 16:49
- When you say "user" do you mean a logged-in user? – Emanuil Rusev Aug 27 '11 at 16:51
- Did you already check related questions like those shown on the right side of this page? [How do you stop scripters from slamming your website hundreds of times a second?](http://stackoverflow.com/questions/450835/how-do-you-stop-scripters-from-slamming-your-website-hundreds-of-times-a-second) seems promising. – Gumbo Aug 27 '11 at 16:58
3 Answers
There are a load of ways to do this and employing a large variety of different things is a good idea to protect against spam.
What Stack Overflow does (from my experience) is if there is an abnormal amount of posting, or maybe the posts are very short, or something else is a bit suspicious, then they use a captcha.
You can monitor this by using cookies; for instance, monitoring the time between posts is a good indicator that someone is spamming. Similarly, if the messages posted are all about the same length, or include the same url/link or something, you can also display a captcha to test if the user is a human or not.

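The signals listed in the answer above (time between posts, very short posts, a repeated link, posts of about the same length), sketched as a server-side check that decides when to show a captcha. This is an added example, not code from the answer; the `PostMonitor` name, the thresholds, and keying the history by a server-side client identifier (session ID, account or IP) are assumptions.

```python
import re
import time
from collections import defaultdict, deque

# Assumed thresholds (not from the page); tune against real traffic.
WINDOW_SECONDS = 60      # look-back window per client
MAX_POSTS_IN_WINDOW = 3  # posts accepted per window before a captcha is shown
MIN_LENGTH = 15          # shorter posts are treated as suspicious
HISTORY = 5              # recent posts remembered per client
LENGTH_TOLERANCE = 3     # lengths this close count as "about the same"

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


class PostMonitor:
    """Server-side record of recent posts per client identifier."""

    def __init__(self):
        self._recent = defaultdict(lambda: deque(maxlen=HISTORY))

    def check(self, client_id, body, now=None):
        """Record a post and return the reasons (if any) to require a captcha."""
        now = time.time() if now is None else now
        # Lower-cased only for comparison between posts.
        urls = frozenset(u.lower() for u in URL_RE.findall(body))
        history = self._recent[client_id]
        reasons = []

        # Signal 1: too many posts in a short time.
        in_window = [p for p in history if now - p[0] <= WINDOW_SECONDS]
        if len(in_window) >= MAX_POSTS_IN_WINDOW:
            reasons.append("rate")

        # Signal 2: very short post.
        if len(body.strip()) < MIN_LENGTH:
            reasons.append("short")

        # Signal 3: same link as an earlier post from this client.
        if any(urls & p[2] for p in history):
            reasons.append("repeated-url")

        # Signal 4: a run of posts that are all about the same length.
        lengths = [p[1] for p in history] + [len(body)]
        if len(lengths) >= 3 and max(lengths) - min(lengths) <= LENGTH_TOLERANCE:
            reasons.append("similar-length")

        history.append((now, len(body), urls))
        return reasons
```

A non-empty result means the form should present a captcha before accepting the post. In production the per-client history would live in a shared store with expiry rather than in process memory.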
You can use a captcha. That's probably the most common approach.

- But before I use a captcha, how can I track a user who keeps sending requests to me? As you can see, most sites won't ask you to do a captcha until you keep trying 3-4 times in a short time. – DNB5brims Aug 27 '11 at 16:51
- That's a completely different and much more general question. A user can send a request to any page on your site. It doesn't have to be just the "post submission" related pages. – Emanuil Rusev Aug 27 '11 at 16:55
- Here's a question that may give you some helpful ideas on the subject: http://stackoverflow.com/questions/8472/practical-non-image-based-captcha-approaches – Emanuil Rusev Aug 27 '11 at 16:56
There are different techniques allowing you to achieve this with more or less success. Using a Captcha is one popular way used by many sites.
