POST flood protection without mysql or cookies?

[Birmingham]

hi, i'm looking for a simple script to protect from too much POST data per so many minutes and also to protect from too much POST data per POST. I don't want to use mysql or cookies but i'm happy to write to and read from a simple text file.

any ideas? would be really helpful for my latest project!

[Dennis_Gull]

If you're webhost allows it you can post this in a .htaccess: (for example 20 MB)
php_value post_max_size 20M
php_value upload_max_filesize 20M
php_value max_execution_time 1200
php_value memory_limit 20M

Otherwise they have to change it in the php.ini file.

[djr33]

That would be for all users, I believe.

Considering that you aren't using either solution that would allow to keep track of individual users, you can't make it specific to each. So if one guy posts all of the allotted amount, no one else can post, or if 30 guys share it equally, it will be used up. It's not too well organized, or fair, for that matter.

You could try text files, but it would be a pain to deal with the work needed to manage them. Using the IP address, I guess, you could do something like MySQL, but it would just be more work.

[Dennis_Gull]

isnt post_value for each individual? Sound a little strange if all people would share the post_max_size, but anyways you can always set a max post value if you're talking about uploading files, you can read more about it here:
http://www.w3schools.com/php/php_file_upload.asp

[djr33]

Hmm... I'm not sure.

The max_size would be per individual post, and have nothing to do with flooding.

Flooding is repeated submissions from an individual.

Each could easily be under the limit for the max_size, but overall they would be a ton of spam.

I think I misread your post, so you are right... this is per individual, but NOT tracking. It would simply limit what can be done each time, not limit how many times it can be done.

So, you're left with three choices--
1. Use PHP/MySQL/Cookies/etc
2. Use the above (or similar) method, which limits what can be done each time, but nothing to do with repitition
3. Create a system that allows a max amount (from everyone) every 10 minutes, or something.
(4. just leave as is)

[Birmingham]

thanks for the suggestions, guys.

limiting the amount an IP can post would be a good contribution to antiflood measures, but a good troublemaker could have access to several IPs with which to similtaneously flood me.

3. Create a system that allows a max amount (from everyone) every 10 minutes, or something.

this is exactly what i'm looking for - an overall limit - and if one user floods then i'm happy to close things down for ten minutes - i'm sure my innocent users will appreciate it.

i'm looking to use text files to store information in rather than using mysql, and i want to protect from both large individual posts (for which dennis suggested some great functions that may work) and also to protect from amount of posts per ten mins or so (this may need some expert scripting?)

can anyone here have a crack at how they would code it in the most efficient way?

[djr33]

limiting the amount an IP can post would be a good contribution to antiflood measures, but a good troublemaker could have access to several IPs with which to similtaneously flood me.

Maybe a couple, but it would be a pain to set that all up, just to flood your system.
Still, it would take energy per IP, so making a controlled system per IP would still help some.

As for doing it for everyone, overall, you would still need some sort of tracking setup. You could try a text file, though it would be complex to reset it every ten minutes as different amounts would be resetting at different times.

I'll think for a bit and let you know if I come up with anything.

[Birmingham]

cheers djr33, looking forward to checking out any script you can make for this