Yii Framework Forum: Built in form flood protection? - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Built in form flood protection? Rate Topic: -----

#1 User is offline   xgarb 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 39
  • Joined: 19-July 10

Posted 17 August 2010 - 08:47 AM

Does Yii have anything built in to prevent repeated posts of form data apart from using a captcha?

I'm writing a messenging system and I'm wondering the best way to prevent someone manually or automatically sending a message to every member on the site in a few minutes.

I thought maybe creating a table (or maybe in their session) that counts each DB insert a user makes and when it reaches a certain amount over a set time, freezing that account for 5 minutes while alerting me via email.

I've seen systems where posting is slowed to a crawl so that might be an option.
0

#2 User is offline   Y!! 

  • Advanced Member
  • Yii
  • Group: Yii Dev Team
  • Posts: 978
  • Joined: 18-June 09

Posted 17 August 2010 - 09:04 AM

No, Yii does not have something like that. You could write a AntiSpam component. Then in your controllers you should be able to:

if (Yii::app()->antiSpam->check($this->action->id))
{

   // Send message to user...

   // Now we keep track of the send message. check() should return false after a certain amount is reached (maybe configureable through config?)
   Yii::app()->antiSpam->track($this->action->id);

}
else
{
   die('spammer!');
}


There are many way to handle this.
0

#3 User is offline   xgarb 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 39
  • Joined: 19-July 10

Posted 23 December 2010 - 03:19 PM

Just got around to wanting to implement this and am wondering if extending CHttpRequest somehow so every single POST request is logged from a user and/or ip is the way to go.

This would prevent an attacker moving through the site trying to insert spam using any forms.
0

#4 User is offline   jacmoe 

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 3,710
  • Joined: 10-October 10
  • Location:Denmark

Posted 23 December 2010 - 03:28 PM

A month ago an extension was posted:
extension/aii-anti-spam-behavior/
It appears to suit your needs. :)
"Less noise - more signal"
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users