How to Block Contact Us Flood

[cgchris99]

I have a site that deals with Clubs and there is contact info on there so the members are allowed to contact the club and it gets email through our system.

 

I want to be able to keep the clubs from getting spammed. For example, the same person contacts ClubA, ClubB, ClubC, ClubD etc.

 

What is the best way to handle this?

Do I create session to block this?

 

Thanks for any advice.

 

[revraz]

Why can't they contact all the clubs?

[Maq]

If they are bots implement or create a CAPTCHA.

 

But it seems like it is a human?  Just store their username or IP in the database and make sure they only send either a certain amount or you could use sessions...

[cgchris99]

It's not bots that are the problem. It is vendors trying to sell their products to the clubs or other websites promoting their own website.

 

So one person gets on the site and contacts 50 clubs sending the same message to each one club.

 

We have a notice that the page that it is not to be used for commercial purposes but you can see how well that works.

 

I would like to allow them to send two messages in a 24 hour period.

[Maq]

You can use a combination of cookies and sessions. Cookies would work, but the vendor can delete them if they know that's how your preventing them from spamming but sessions they can just close the browser and reopen your page to continue spamming. 

 

My suggestion would be to log their IP in a table somewhere with a timestamp, so you can count how many messages they've sent, and you could write a script and call it in the crontab every 24 hours to wipe out the ones that are over 24 hours old.