I've recently launched a website using FuelPHP 1.3. I have a messaging module where you have to be a registered member to send messages to other members.
I've noticed that one of the members managed to send messages to all the members (about 250 members) within a couple of minutes. I'm pretty sure that the user didn't send individual messages to all the members. The message is basically spam.
I'm using the DB class for saving to the database. I'm wondering how someone can do that and how I can prevent this in the future?
Many thanks.
You will have to analyze the webserver log to see what requests were fired by that user, and your code to see how you can post messages to many users in a short time.
I can, for example, imagine that if the 'to' user in the message post is a URI segment or a form field, it's very easy to write a loop posting the same form with an incremented user id...
Use CSRF protection for your forms to make sure automated posts are not possible.
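As an added example of the log analysis suggested above (not code from the question or the answer), this script reads Apache combined-format access-log lines, counts POSTs per client to an assumed `/messages/send/<id>` route within a sliding time window, and notes whether the recipient ids were consecutive, which is the fingerprint of the incrementing loop described. The log lines are constructed sample data and the route is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not real traffic): one client posts seven times in six
# seconds with consecutive recipient ids, another sends two messages minutes apart.
LOG_LINES = [
    f'203.0.113.5 - - [10/Jan/2013:12:00:{i:02d} +0000] "POST /messages/send/{100 + i} HTTP/1.1" 302 0 "-" "curl/7.26.0"'
    for i in range(1, 8)
] + [
    '198.51.100.9 - - [10/Jan/2013:12:00:03 +0000] "GET /messages/compose HTTP/1.1" 200 1523 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2013:12:00:40 +0000] "POST /messages/send/42 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2013:12:09:15 +0000] "POST /messages/send/77 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
SEND_RE = re.compile(r'^/messages/send/(?P<to>\d+)$')  # assumed route for the send action


def parse(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {'ip': m['ip'], 'method': m['method'], 'path': m['path'],
            'ts': datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')}


def find_bursts(lines, max_sends=5, window_s=60):
    """Flag clients with more than max_sends POSTs to the send route in any window_s-second window."""
    sends = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None or rec['method'] != 'POST':
            continue
        m = SEND_RE.match(rec['path'])
        if m:
            sends[rec['ip']].append((rec['ts'], int(m['to'])))
    flagged = {}
    for ip, events in sends.items():
        events.sort()
        start = 0
        for end in range(len(events)):  # sliding window over sorted timestamps
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            count = end - start + 1
            if count > max_sends and count > flagged.get(ip, {}).get('count', 0):
                to_ids = [to for _, to in events[start:end + 1]]
                flagged[ip] = {'count': count,
                               'sequential_ids': all(b - a == 1 for a, b in zip(to_ids, to_ids[1:]))}
    return flagged
```

Keying on client IP is a first pass only; if the application logs the session or member id with each send, group on that instead, since members behind a shared address would otherwise be lumped together.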