Our e-commerce visitors can add records to shopping cart without login/registration, plus enter instructions and notes in a text-box.
The cart DB table is filled daily by 1000's of records with spam in the note field. How can the spammers use this to send spam or why do they do this?
How should I prevent them from adding spam records without asking them to login/register?
Thanks in advance.
Some options:
Use cookies to store instructions, notes and cart items locally (so trying to spam you won't actually do anything at all).
Auto-delete entries inactive for longer than a few hours / day / longer (so spamming you doesn't really affect you).
Force users to enter a Captcha at some point (so spamming you is more difficult).
They can spam because they're trying to be malicious, at worst trying to shut your server down or trying to advertise. You may not be the intended target - maybe a spam bot just came across your site.
