I have a contact form that sends to my email and I recently got attacked by some sort of spam attack... I received like 76k emails overnight from the same IP address. It made me really mad. What can I do to fix this? I know I can implement CAPTCHA but I don't want that. :\

What else can I do to prevent multiple form submissions?


You can use $_SESSION to save the last time a contact form was submitted and the number of submissions during this session. When the count is above 3 and the last time is less than 5 minutes ago, post a warning and update the last time to prevent spam.

Written by Khez

@Khez that only works if the client handles cookies. If not, then a new session will be created for each request. I don't think this is spammer proof.

Written by James C

@James true, that's why I only commented and not answered. Was just trying to nudge him in the right direction.

Written by Khez

To know more about how to avoid spam, consider browsing questions on webmasters.stackexchange.com - there is a lot of information on the topic there!

Written by Agos

Accepted Answer

You could try to stop this in a number of different ways:

  • CAPTCHA (you already said you didn't like it but it's possibly the easiest solution)
  • Answering some kind of question that it's easy for a person to answer but not a script
  • Making sure the user is signed in before they can submit (assuming they have to be registered)
  • Rate limit the form so that each IP address can only submit once every N period of time

Written by James C
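
One way to implement the per-IP rate limit from the last bullet, as an added example that is not part of the original answers. The state is kept on the server, so it does not depend on the client returning a session cookie (the limitation raised in the comments). It assumes PHP with the pdo_sqlite extension; the function names, the 5-minute window, and the database path are hypothetical.

```php
<?php
// Added example: server-side, per-IP rate limit for a contact form.
const WINDOW_SECONDS = 300; // assumption: the "N" from the answer, here 5 minutes

function open_store(string $path): PDO
{
    $db = new PDO('sqlite:' . $path);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS submissions (
        ip TEXT PRIMARY KEY, last_seen INTEGER NOT NULL)');
    return $db;
}

// Returns true (and records the submission) if $ip may submit at time $now.
function allow_submission(PDO $db, string $ip, int $now, int $window = WINDOW_SECONDS): bool
{
    // 1. Drop entries whose window has expired; this also keeps the table small.
    $del = $db->prepare('DELETE FROM submissions WHERE last_seen <= :cutoff');
    $del->execute([':cutoff' => $now - $window]);

    // 2. Claim the slot. The PRIMARY KEY makes this atomic: if a row for this IP
    //    still exists, the insert is ignored and rowCount() is 0.
    $ins = $db->prepare('INSERT OR IGNORE INTO submissions (ip, last_seen) VALUES (:ip, :now)');
    $ins->execute([':ip' => $ip, ':now' => $now]);
    return $ins->rowCount() === 1;
}

if (PHP_SAPI === 'cli') {
    // Constructed demo: one documentation-range IP, timestamps in seconds.
    $db = open_store(':memory:');
    var_dump(allow_submission($db, '203.0.113.7', 1000)); // first submission
    var_dump(allow_submission($db, '203.0.113.7', 1010)); // 10 s later, same IP
    var_dump(allow_submission($db, '203.0.113.7', 1300)); // window has elapsed
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Hypothetical path; keep the file outside the web root.
    $db = open_store('/var/lib/contact-form/ratelimit.sqlite');
    // REMOTE_ADDR is the directly connected peer. Behind a reverse proxy it is
    // the proxy's address, so use the client address that your own proxy sets.
    if (!allow_submission($db, $_SERVER['REMOTE_ADDR'], time())) {
        http_response_code(429);
        header('Retry-After: ' . WINDOW_SECONDS);
        exit('Too many submissions. Please try again later.');
    }
    // ... validate the fields and send the email here ...
}
```

The check runs before any mail is sent, so repeated requests from one address inside the window cost a database lookup rather than an email.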
The content is written by members of the stackoverflow.com community.
It is licensed under cc-wiki