PHP/MySQL Spamming

[NSA]

Hello,

I've been trying to create a way for PHP to check if a user is spamming comments.
For instance, the user keeps constantly spamming the same letter or spamming a link, the user will be automatically banned.
Let's say User A sends 5 messages within the space of 3 seconds.
They will be banned.
If you get me.

I'm hoping to be able to accomplish this with jQuery, PHP and MySQL.
But if anyone has a different way, I'd still appreciate it!

Cheers.

 

[Heaplink]

I found this useful StackOverflow thread

You must be registered for see links

Basically you set a token for the user when he visit the page with the form. The token is set in a <input type="hidden"> element and once the user submits the form, the token is validated on the server.

However there are many answers with different methods, and libraries - however take your time and read through it

 

[NSA]

This isn't really what I was looking for.
If I take another approach at trying to explain.
Like on Habbo, you can flood.
When you type so many messages at one given time, you have to wait 30 or 20 seconds to type another message.

 

[Heaplink]

Habbo uses a whole other approach, through their flash client. Since you wan't to prevent spam in an PHP application, it's a whole other story. It's not easy to make sure a user doesn't spam with just Javascript (it's client-side, don't trust your users in anything) so you will use PHP as your server-side to validate the input and timestamp etc.

Something like: If the date of the last message sent by user is < minimum wait date then abort the insertion - otherwise go on.

 

[Weasel]

I got something, I guess it could be improved, but it does the trick:

Add this somewhere at the top:

session_start();
$hour = date("H");
$minute = date("i");
$seconds = date("s");
$day = date("d");
$month = date("m");
$year = date("Y");
$extratime = 30;
 
$current = mktime($hour,$minute,$seconds,$month,$day,$year);
$expire =  mktime($hour,$minute,$seconds+$extratime,$month,$day,$year);

Add this on the place where you want the input etc, and at "// All the code here" put the actual code.

if ($_SESSION['check_time'] < $current && $_SESSION['check_amount'] < 3)
{
if ($_SESSION['check_time'] > $current && $_SESSION['check_amount'] >= 3)
{
unset($_SESSION['check_amount']);
}
 // All the code here
}
else
{
echo 'Please don\'t spam!';
}

On submit, set the sessions:

if (!isset($_SESSION['check_amount']))
{
$_SESSION['check_amount'] = 1;
$_SESSION['check_time'] = $expire;
}
else {
$_SESSION['check_amount']++;
}

 

[NSA]

Tried this out.
Comments just stopped posting.

You must be registered for see links

 

[Heaplink]

Let me fix your code up, it will take a minute.

 

[Ecko]

Create a function that grabs the last x amount of messages from an IP address where the timestamp is from 10 seconds or less (you will need to modify your $date variable to include seconds) when a message is submitted. If mysql_num_rows is greater or equal to 4-5, then echo they need to wait before sending another message.

sorry if difficult to comprehend, bit stoned.

 

[Adil]

Rate limit algorithm?

 

[NSA]

Managed to get this working!

function checkTime(){
$livetime = date('H:i:s', time() - 5);
$name = $_SESSION['chat-username'];
$q = mysql_query("SELECT * FROM chat WHERE name = '$name' AND time >= '$livetime'");
$check = mysql_num_rows($q);
if($check >= 3){
echo "Woah! Slow down there...";
}else{
createChat();
}
}

Thanks,

You must be registered for see links

Issue resolved.

 

[Ecko]

Managed to get this working!

function checkTime(){
$livetime = date('H:i:s', time() - 5);
$name = $_SESSION['chat-username'];
$q = mysql_query("SELECT * FROM chat WHERE name = '$name' AND time >= '$livetime'");
$check = mysql_num_rows($q);
if($check >= 3){
echo "Woah! Slow down there...";
}else{
createChat();
}
}

Thanks,

You must be registered for see links

Issue resolved.

You're welcome. Wasn't sure if you understood my post lol

 

[NSA]

Turns out this doesn't work.

 

[Weasel]

Whats the problem it gives?

 

[NSA]

When I echo $check, it gives 60 and it always says "Woah! Slow down there...".

"

60Woah! Slow down there..."​