Closed (fixed)
Project:
Send
Version:
5.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
24 Feb 2007 at 21:16 UTC
Updated:
19 Feb 2008 at 02:19 UTC
I'm just wondering how safe the Send Threshold is for spammers and automated scripts.
How does that exactly work? How does it determine who the user is for an anonymous visitor to the site? cookie? ip?
If I set threshold to 3 and i come to my site as an anonymous user, how does it know who i am if i try to send on the 4th time?
Same scenario for an automated script?
I guess i'm just wondering if i need/can enable captcha on 'send'. I don't want to open myself up to a lot of spam since i probably will be administering the machine my site lives on.
thanks much
Comments
Comment #1
allie mickaSend uses Drupal's built-in flood mechanism ( see http://api.drupal.org/api/function/flood_is_allowed/5 ).
This means that the threshold will restrict the number of posts from a particular IP address. This makes things relatively secure, but if in doubt, add the Captcha module.