Quantcast
Channel: Topliners: Message List
Viewing all articles
Browse latest Browse all 3431

Re: Globally block domains/IP addresses from submitting forms

$
0
0

Are you actually having a problem with competitors "download bombing" your site? Or are you just trying to get ahead of the possible problem before it arises?

 

The reason I ask is because I don't think this is likely to be a problem, but if it is, I don't think blocking certain IP addresses will be sufficient to deter a determined attacker. If the attacker really wants to do this, they can just do it from another location or use a proxy.

 

Having said that, you may be able to deter casual attackers from known IP addresses or blocks on an E10 landing page, but it'll involve a bit of tricky JavaScript and a call to a server-side resource of some kind (yours or someone else's). Here's a post on stackoverflow about using JS to get the client IP.

 

Once you have the IP, you'll presumably need to check it against a list of IPs you want to block, and if it's on the list, use JS to hide the form or redirect the visitor to a different URL.

 

Unless you are currently under attack and attempting to defend yourself, I don't think this is worth the time it would take to implement.

 

If the attack is automated, or what you're really worried about is blocking automated form spam in general, I recommend this technique: Robust Form Spam Blocking JavaScript Technique

 

If you're under attack by a determined human attacker, I doubt there's a reasonable way to stop it.


Viewing all articles
Browse latest Browse all 3431