Issue with spam on our contact forms (Codeigniter)

Problem description

Can anyone suggest the best ways to counter SPAM on forms - we've got a captcha in place but spam still seems to be getting in.

Is it possible to do the following... On a form check if the POST request has come from the form submitted from that site (and not a form using the same action). If the request has come from the site accept otherwise don't & simply ignore the request.

Also - is it possible to do something server-side to stop DDOS style attacks - as the spammer to our site seems to be sending thousands of requests in a very short space of time.

Can anyone suggest any other good anti-spam methods for Codeigniter (v2) that doesn't hinder the user too much. Thanks in advance.

Recommended answer


Can anyone suggest the best ways to counter SPAM on forms - we've got a captcha in place but spam still seems to be getting in.

I like the "honey pot" technique. Basically put a hidden field on your form, with an empty value. Validate the field as part of the form submission. If the field != empty - then it was a bot, so fail the submission. Bots tend to just fill in all the fields on a form automatically.


Is it possible to do the following... On a form check if the POST request has come from the form submitted from that site (and not a form using the same action). If the request has come from the site accept otherwise don't & simply ignore the request.

Yes - it's called CSRF - Codeigniter has it built in. Turn it on in your config file, and use form_open() on your forms. That's it.


Also - is it possible to do something server-side to stop DDOS style attacks - as the spammer to our site seems to be sending thousands of requests in a very short space of time.

Yes - put a "last submit" field in your session for each user. Or IP. Or however you want to track the spammer. On each form submission, check the last submit time, if it is less than X seconds (where X is whatever number you feel comfortable with - say 5 seconds) - then fail the form due to it being submitted too often.

The other option is to record when the form was "served" to the user, and also fail if it is X seconds after request (i.e. takes a normal person 30 seconds to fill in your form - so 2 seconds means a bot).

p.s. using the above means you'll be able to remove the Captcha :)
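
The honeypot field, the "last submit" throttle and the served-time check from the answer above, combined in one CodeIgniter 2 controller. This is an added example, not code from the original answer; the controller name `Contact`, the honeypot field name `website`, the view name `contact_form`, the session keys and both thresholds are assumptions.

```php
<?php
// application/controllers/contact.php (hypothetical controller, added example)
// Assumes $config['csrf_protection'] = TRUE in application/config/config.php
// and that the view builds its form with form_open('contact/send').
class Contact extends CI_Controller {

    const MIN_FILL_SECONDS   = 3; // assumed: quicker than this after serving = bot
    const MIN_SUBMIT_SPACING = 5; // assumed: seconds between submissions

    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('form');
    }

    // Serve the form and record when it was served.
    public function index()
    {
        $this->session->set_userdata('form_served_at', time());
        // The view contains a field hidden with CSS and left empty:
        //   <input type="text" name="website" value="" style="display:none">
        $this->load->view('contact_form');
    }

    public function send()
    {
        $now    = time();
        // userdata() returns FALSE for a missing key, which casts to 0.
        $served = (int) $this->session->userdata('form_served_at');
        $last   = (int) $this->session->userdata('last_submit_at');

        // Honeypot: must come back as an empty string (post() gives FALSE if absent).
        $is_bot = ($this->input->post('website') !== '');
        // Form never served to this session, or filled in implausibly fast.
        $too_fast = ($served === 0 || ($now - $served) < self::MIN_FILL_SECONDS);
        // Previous submission from this session was too recent.
        $too_often = ($last !== 0 && ($now - $last) < self::MIN_SUBMIT_SPACING);

        $this->session->set_userdata('last_submit_at', $now);
        $this->session->unset_userdata('form_served_at'); // one submit per served form

        if ($is_bot || $too_fast || $too_often) {
            show_error('Submission rejected.', 400);
        }
        // ... validate the real fields and send the e-mail here ...
    }
}
```

A client that discards its session cookie has no `form_served_at` value, so it is rejected by the served-time check instead of slipping past the per-session throttle.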
