Have I got it the right way around?

[Cheetah Designs]

Hey,

I cant think properly and this is irritating me. Have i got this spam stopping script the right way around. Its supposed to only let the user post every 10 minutes.

if($_SESSION['lastMailed']+600 < time())

I have the sign the right way around right?

Thanks.

 

[Cheetah Designs]

Edit: I'm assuming of course that you allow the message to be sent if the if statement evaluates to true and not the opposite.

Lol....theres the problem right there, nice one.....I can just flip the sign for the opposite right.

 

[Cheetah Designs]

EDIT: Sorted now (I think).....Cheers Adz

 

[Cheetah Designs]

Do I need a session start on each page to keep the session going? So they can't just change page and change back?

 

[Cheetah Designs]

What i am trying to prevent is mailbots as this is for a contact form.

If the user wants to go through the process of deleting their cookie etc everytime just to email me .....then fine.

 

[Cheetah Designs]

Oh, ok, so should I store the time along with the IP in database and access from that?

Would that stop it ok?

Or can a mailbot be more intelligent and spoof a different IP each time?

 

[Cheetah Designs]

Well *** site hasn't gone live yet, i am just trying to avoid problems.

Currently there are only two fields.

Their Email and their message.

The Email has to be a blah @ blah . com

and the message is already scanned for headers uysing this, which i can't check if it works and i don't know how to put in headers myself :|

this is what i have:

	$valid = "false";
	$crack=eregi("(\r|\n)(to:|from:|cc:|bcc:)",$comments);
	if(eregi('^([0-9a-z]+[-._+&])*[0-9a-z]+@([-0-9a-z]+[.])+[a-z]{2,6}$',$email) && !$crack){
		$valid = "true";
	}

What more should i do?

Thanks.

 

[Cheetah Designs]

Is there still not a problem with the people that are behind proxies (i suppose its just their fault - something i can live with)

.......but there are people that are behind a proxy which is isp side i think which would cause a problem.

Also with dynamic ips who get a new ip everytime they connect to their isp.

 

[Cheetah Designs]

Sorry for not being clear. Yes i knew that, I was referring to the technique of logging the IP.

What I am trying to do is stop a spambot using this form to keep on emailing me continuously.

And it is my understand (from this thread), that spambots don't take into account sessions and therefore would be able to "bypass" the sessions bit and keep spamming my mailbox.

Or is all that incorrect?

What do most of you do in your forms?