Does Yii have anything built in to prevent repeated posts of form data apart from using a captcha?
I’m writing a messaging system and I’m wondering about the best way to prevent someone from manually or automatically sending a message to every member on the site in a few minutes.
I thought maybe creating a table (or maybe in their session) that counts each DB insert a user makes and when it reaches a certain amount over a set time, freezing that account for 5 minutes while alerting me via email.
I’ve seen systems where posting is slowed to a crawl so that might be an option.
No, Yii does not have something like that. You could write an AntiSpam component. Then in your controllers you should be able to:

    if (Yii::app()->antiSpam->check($this->action->id))
    {
        // Send message to user...
        // Now we keep track of the sent message. check() should return false
        // after a certain amount is reached (maybe configurable through config?)
        Yii::app()->antiSpam->track($this->action->id);
    }
    else
    {
        die('spammer!');
    }
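One way the component called in the answer above could look, as an added example that is not part of the original post and not Yii's own code. The class body, the `limit` and `window` properties, and the cache key layout are assumptions; it requires a configured Yii 1.1 `cache` component.

```php
<?php
// Hypothetical AntiSpam component for Yii 1.1 (added example).
// Assumed config: 'antiSpam' => array('class' => 'AntiSpam', 'limit' => 10, 'window' => 300)
class AntiSpam extends CApplicationComponent
{
    public $limit = 10;   // assumed: max tracked actions per window
    public $window = 300; // assumed: window length in seconds

    // Key per actor and action: user id when logged in, client IP otherwise.
    protected function key($action)
    {
        $user = Yii::app()->user;
        $actor = $user->isGuest
            ? 'ip:' . Yii::app()->request->userHostAddress
            : 'uid:' . $user->id;
        return 'antispam:' . $action . ':' . $actor;
    }

    // Timestamps of tracked actions that still fall inside the window.
    protected function recent($action)
    {
        $stamps = Yii::app()->cache->get($this->key($action));
        if (!is_array($stamps)) {
            return array(); // nothing tracked yet, or the entry expired
        }
        $cutoff = time() - $this->window;
        return array_values(array_filter($stamps, function ($t) use ($cutoff) {
            return $t > $cutoff;
        }));
    }

    // True while the actor is still under the limit for this action.
    public function check($action)
    {
        return count($this->recent($action)) < $this->limit;
    }

    // Record one performed action; the entry expires with the window.
    public function track($action)
    {
        $stamps = $this->recent($action);
        $stamps[] = time();
        Yii::app()->cache->set($this->key($action), $stamps, $this->window);
    }
}
```

The cache read and write are not atomic, so concurrent requests can exceed the limit slightly, and a cache flush resets the counters. A database table of inserts per user with a counted query over the time window, as the question proposes, is stricter.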
Just got around to wanting to implement this and am wondering if extending CHttpRequest somehow, so every single POST request is logged from a user and/or IP, is the way to go.
This would prevent an attacker from moving through the site trying to insert spam using any forms.