Flood protection

Flood control is a form of spam prevention on forums and similar community services. It prevents the users from making posts to the forum in quick successions. The users usually have to wait for a short time period before making another post. This mechanism prevents spambots from flooding the forum with unsolicited messages.

Whenever a user makes a post, the mechanism checks, if the minimal time interval between posts has been exceeded. If the interval has been exceeded, the post is not saved. The checks can be performed against:

  • userID (User based) - default for logged-in users.
  • IP (IP based) - default for users that are not logged-in.

You can change the default settings using the CMSUserBasedFloodProtection web.config key.

Supported application

The flood protection is supported in the following applications:

  • Blogs (comments)
  • Forums (posts)
  • Message boards (posts)

This mechanism works across all applications, so if a user gets blocked after posting comments on blogs, the user is also blocked on Forums and Message boards.

Do not forget to use CAPTCHA

In addition to securing the applications using flood protection, you should also include a CAPTCHA field in the comment, post and message forms. See Spam protection (CAPTCHA).

Enabling and configuring the flood protection

You can enable the flood protection functionality in Settings -> Security & Membership -> Protection -> Flood protection section.

Using the Flood protection interval, you can set the minimum time interval (in seconds) before the user can make another post.

Chat application

The Chat application has its own flood protection system. It is more complex and granular. The checks are performed when the user:

  • creates a room,
  • joins a room,
  • posts a message,
  • changes the nickname.

The checks are performed against the chat user ID. Chat also has its own Flood protection section in Settings -> Community -> Chat. See Settings - Chat.

Flood protection integration

If you want to integrate this mechanism in your own code, use the FloodProtectionHelper.CheckFlooding method:




using CMS.Membership;
using CMS.SiteProvider;

...

if (FloodProtectionHelper.CheckFlooding(SiteContext.CurrentSiteName, MembershipContext.AuthenticatedUser))
{
    // Don't save the message, display information about flooding to the user
}

// Save the message and continue