Re^2: enabling "Submit" button after X seconds.

Replies are listed 'Best First'.
Re^3: enabling "Submit" button after X seconds. by ikegami (Patriarch) on Jun 14, 2010 at 04:47 UTC
The robot he described is a generic robot. It won't change the value to an older timestamp. It doesn't matter that it could. If we were talking about a robot that specifically targets his site, then you'd have a point. There are solutions for that too, such as the aforementioned encryption. (Public key encryption is unnecessary, though. Symetric encryption would be faster.)	[reply]
Re^4: enabling "Submit" button after X seconds. by ahmad (Hermit) on Jun 14, 2010 at 12:14 UTC
That's what I mean, if his site was targeted specifically no matter what you have in that hidden field (encrypted or not) he'll keep getting those registration. For someone who would want to flood his form, he can spend 1 day fetching that form page 1 time/sec and save the "encrypted data" of that form, and in the next day he can do '86400' successful registration according to your method. if he locks it up to maximum of 1 hour , then it's 3600 successful registration per hour. if he's specifically targeted the only possible way is using 'recaptcha' and if that doesn't work , I would suggest saving the requesting ips and block them using .htaccess file "Deny from xxx.xxx.xxx.xxx"	[reply]
Re^3: enabling "Submit" button after X seconds. by Anonymous Monk on Jun 14, 2010 at 00:57 UTC
a hidden field can be filled by those robots easily (it's just another input type). Use public key encryption, and encrypt the timestamp. If you can't decrypt the timestamp or its missing, you know a robot is trying to circumvent your throttling attempts, so you throttle it :)	[reply]