2

I have a website built with the PHP CodeIgniter framework. It has a user management system. Generally, what it does is, when a user registers, it adds his information to the database and sends a confirmation email (like other systems).

But now some spammers are creating lots of accounts. They don't verify the email though. They just add more records to the database. However, my database is getting heavy because of this. How can I prevent this?

Is there any workflow by which I can add a user after his email confirmation?

Thanks in advance.

Atiab Jobayer
    First you can try adding a captcha in registration. Then you should try to find out where these attacks come from and try to prevent registration from a set of IPs with some .htaccess. We had a similar problem and blocked it this way. – sissy Feb 16 '18 at 08:11

4 Answers

4
  • You can add some captcha or security, as said in the comments.
  • You can also, with CodeIgniter, easily get the user's IP with the function ip_address and limit the creation of accounts by IP.
  • Set a cron function to disable inactivated accounts every day/week to lighten your database of useless accounts...
  • Use Analytics to see where the spam comes from, and blacklist the concerned countries.

There are many solutions, but none of them is perfect or 100% effective :/

Eiji
2

It is not possible to insert the user after a successful confirmation mail. You can follow some steps to restrict the users:

  1. Create a captcha in your registration form.
  2. Make a new table, i.e. a blueprint of your registration table, so that a user who registers goes to this new table. Then, if the user confirms their mail, the record moves to the original registration table and is deleted from the new one.
  3. Blocking users by one user per IP is not a good solution, so don't restrict them that way.
  4. Just run a cron job every 3 days on the new blueprint table, so that for the users who have not confirmed their mail, you simply remove all the entries from the new table every three days or every week. That's it. Thanks.
Anil Kumar Sahu
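The staging-table workflow from the answer above (and the cron cleanup the first answer suggests), as an added example that is not part of either answer. It uses plain PDO with an in-memory SQLite database instead of CodeIgniter's database layer; the table names, function names and the 3-day lifetime are assumptions for illustration.

```php
<?php
// Added example; schema and function names are assumptions, not from the page.
function make_schema(PDO $db): void {
    $db->exec('CREATE TABLE pending_users (token_hash TEXT PRIMARY KEY,
        email TEXT NOT NULL, password_hash TEXT NOT NULL, created_at INTEGER NOT NULL)');
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
        email TEXT NOT NULL UNIQUE, password_hash TEXT NOT NULL)');
}
// Stage the sign-up; only a hash of the mailed token is stored.
function register_pending(PDO $db, string $email, string $password, int $now): string {
    $token = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO pending_users VALUES (:h, :e, :p, :t)')->execute([
        ':h' => hash('sha256', $token), ':e' => $email,
        ':p' => password_hash($password, PASSWORD_DEFAULT), ':t' => $now]);
    return $token; // sent to the user inside the confirmation link
}

// Move the row into users if the token exists and is at most $ttl seconds old.
function confirm(PDO $db, string $token, int $now, int $ttl = 259200): bool {
    $h = hash('sha256', $token);
    $db->beginTransaction();
    try {
        $sel = $db->prepare('SELECT email, password_hash FROM pending_users
            WHERE token_hash = :h AND created_at >= :min');
        $sel->execute([':h' => $h, ':min' => $now - $ttl]);
        $row = $sel->fetch(PDO::FETCH_ASSOC);
        if ($row === false) { $db->rollBack(); return false; }
        $db->prepare('INSERT INTO users (email, password_hash) VALUES (:e, :p)')
           ->execute([':e' => $row['email'], ':p' => $row['password_hash']]);
        $db->prepare('DELETE FROM pending_users WHERE token_hash = :h')->execute([':h' => $h]);
        $db->commit();
        return true;
    } catch (PDOException $e) { // e.g. the email already exists in users
        $db->rollBack();
        return false;
    }
}
// Cron job: delete sign-ups that were never confirmed within $ttl seconds.
function purge_unconfirmed(PDO $db, int $now, int $ttl = 259200): int {
    $del = $db->prepare('DELETE FROM pending_users WHERE created_at < :min');
    $del->execute([':min' => $now - $ttl]);
    return $del->rowCount();
}

// Constructed demo data: one sign-up that is never confirmed, one that is.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
make_schema($db);
$bot = register_pending($db, 'bot@example.test', 'x', 1000000);
$alice = register_pending($db, 'alice@example.test', 'correct horse', 1250000);
var_dump(confirm($db, $alice, 1260000), purge_unconfirmed($db, 1260000), confirm($db, $bot, 1260000));
```

The users table only ever receives confirmed rows, so unconfirmed sign-ups cost nothing beyond the lifetime of a pending_users row.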
2

PDO Prepared Statements validate function

$result = Database::getInstance()->query("SELECT * FROM user ORDER BY id DESC LIMIT 1");

This should get you the last database entry. Now you should read out the verification status and delete the unverified user or add the verified user.

In your Database class you should have a function that builds your SQL query and builds an array with the values you want to inject.

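// Method of the Database class: runs a prepared statement and returns all rows.
public function query($query, array $parameters = array())
{
    $statement = $this->connection->prepare($query);

    // Bind each value to its named placeholder (:key) instead of concatenating it into the SQL.
    foreach($parameters as $key => $value)
    {
        $statement->bindValue(':'.$key, $value);
    }

    $statement->execute();
    return $statement->fetchAll(PDO::FETCH_ASSOC);
}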
RediOne1
  • Hans, you've got a low rep so I'm not going to downvote you for this one. But firstly, the code you posted isn't related to CI at all, and secondly, this answer doesn't really address the user's question. – Alex Feb 16 '18 at 08:59
0
  • The best solution is to use Google reCaptcha.
  • Use a check for e-mail address legal validation.
Roshan Padole
  • You call Google reCaptcha the "best" solution... but it's not better than a "less worst" solution. reCaptcha is one of the commonest Turing tests, and the commonest blackhat challenge. Is it that safe? I don't think so... Before using a Turing test at the expense of user experience, there are many "back end" solutions. – Eiji Feb 20 '18 at 06:27