php - Show captcha when unexpected navigation detected to prevent traffic abuse
I noticed that some users are overloading my website by downloading multiple files (for example, 500 files at the same time) and opening more pages in a short duration. I want to show a captcha if unexpected navigation by a user is detected.
I know how to implement a captcha, but I can't figure out what the best approach is to detect traffic abuse using PHP.
A common approach is to use something like memcached to store the requests on a minute basis. I have open sourced a small class that achieves this: php-ratelimiter
If you are interested in a more thorough explanation of why the requests need to be stored on a minute basis, check this post.
So to sum it up, your code could end up looking like this:
Actually, the code is based on a per-minute basis but you can quite easily adapt this to be on a per 30 seconds basis:
A similar question has been answered before (Prevent PHP script from being flooded), but it might not be sufficient. Reasons:
$_SERVER["REMOTE_ADDR"] and there are some shared connections that have the same Public IP Address
Firefox addon that can allow users to use multiple proxies for each request
Multiple Request != Multiple Download
Preventing multiple requests is totally different from multiple downloads. Why?
Let's imagine a file of 10MB that would take 1min to download. If you limit users to, say, 100 requests per min, what it means is you are giving access to the user to download
To fix this issue you can look at Download - max connections per user?.
Back to page access you can use memcache to limit users per second. It uses cookies to resolve the shared connection issue and attempts to get the real IP address
Please note that SimpleFlood::setLimit(float $float); accepts floats so you can have
This is a basic proof of concept and additional layers can be added to it such as
I think you can use sessions in this case. Initialize a session to store a timestamp [use microtime for better results] and then get the timestamp of the new page. The difference can be used to analyze the frequency of pages being visited, and a captcha can be shown.
You can also run a counter on pages being visited and use a 2D array to store the page and timestamp. If the value of pages being visited increases suddenly, then you can check for the timestamp difference.
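The session-based idea from the last answer, as an added example that is not part of the original answers: a sliding window over [page, timestamp] pairs that flags when a captcha should be shown. The function name `recordHit`, the 10-second window, the limit of 20 and the sample timestamps are assumptions made for illustration; because the counter lives in the session, it only covers clients that keep their session cookie.

```php
<?php
declare(strict_types=1);

/**
 * Sliding-window hit tracker (hypothetical helper, not from the page).
 * $hits is the list kept in the session: [page, timestamp] pairs.
 * Returns the pruned list plus a flag telling the caller to show a captcha.
 */
function recordHit(array $hits, string $page, float $now,
                   float $window = 10.0, int $limit = 20): array
{
    // Drop entries older than the window.
    $hits = array_values(array_filter(
        $hits,
        fn(array $h): bool => ($now - $h[1]) < $window
    ));
    $hits[] = [$page, $now];

    // Cap the stored list so a flood cannot grow the session without bound.
    if (count($hits) > 1000) {
        $hits = array_slice($hits, -1000);
    }

    return ['hits' => $hits, 'captcha' => count($hits) > $limit];
}

// Assumed wiring in a real page:
//   session_start();
//   $r = recordHit($_SESSION['hits'] ?? [], $_SERVER['REQUEST_URI'], microtime(true));
//   $_SESSION['hits'] = $r['hits'];
//   if ($r['captcha']) { /* render the captcha instead of the page */ }

// Constructed sample: 25 requests 0.1 s apart, then one request after a pause.
$hits = [];
$t = 1000.0;
for ($i = 1; $i <= 25; $i++) {
    $r = recordHit($hits, "/file/$i", $t);
    $hits = $r['hits'];
    if ($r['captcha']) {
        echo "request $i at t=$t: captcha required\n";
    }
    $t += 0.1;
}
$r = recordHit($hits, '/index', $t + 30.0);
echo 'after 30 s pause: ', $r['captcha'] ? 'captcha required' : 'allowed', "\n";
```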