Please i need your help. I'm scripting a comment functionality on my website, and i'm trying to reduce spamming to the barest minimum.. My issue/problem is that when users/bots(possibly) submit a comment, i have this code to do a HTTP/1.1 303 redirect to the same page so that when the user attempts to refresh the page the previous comment does not re-submit.
Will this be enough for spam reduction.
Thanks for your time, patience and answers. I most appreciate it.
header("HTTP/1.1 303 See Other");
header("Location: http://127.0.0.1/ main/forum/
I don't think would help you achive your goal which is reduce spamming you can do the following
A. Check if a page as been refresh then redirect and this has been discussed extensively here : see
B. To prevent proper flooding to need to limit number of request for sec for each IP address See
Prevent PHP script from being flooded
Edit 1
Non OOP version as requested by you :
$memcache = memcache_connect ( 'localhost', 11211 );
$runtime = memcache_get ( $memcache, 'floodControl' );
if ((time () - $runtime) < 2) {
die ( "Die! Die! Die!" );
}
else {
echo "Welcome";
memcache_set ( $memcache, "floodControl", time () );
}
This will have no effect on spam or bots submitting your form. The only thing this is useful for is to avoid accidental resubmission by hitting F5 (refreshing the page), although usually it's done with a 301 or 302 redirect.
I have now read on Wikipedia:
The HTTP response status code 303 See Other is the correct manner in which to redirect web applications to a new URI, particularly after an HTTP POST has been performed.
which suggest that 303 is a correct HTTP response in your situation. But still most people probably use 302.
Short answer: No.
Long answer: No, redirects have nothing to do with spamming. Spammers are making use of the full HTTP protocol of which the various status codes like 303 See Other are part of. Any HTTP client - spammer or not - is able to deal with these.
What actually helps to prevent spamming is to display a secondary page which asks again for posting the content (like a preview). Most spam bots don't get that and it's user-friendly as well.