I have a form that allows users to paste input, like on StackOverflow. But if users know the format I send to the server, they can keep sending requests to me. How can I ensure it is a real user sending a request instead of some kind of machine attack to insert information?
preguntado el 27 de agosto de 11 a las 16:08
There are a load of ways to do this and employing a large variety of different things is a good idea to protect against spam.
What stackoverflow does (from my experience) is if there is an abnormal amount of posting, or maybe the posts are very short, or something else is a bit suspicious then they use a capcha.
You can monitor this by using cookies, for instance monitoring the time between posts is a good indicator that someone is spamming. Similarly if the lengths of the messages posted are all about the same length, or include the same url/link or something you can also display a capcha to test if the user is a human or not.