by kazinator
1808 days ago
1. Allow only submissions from authenticated sessions, disallowing duplicates: each user's account gets one submission attempt per day.

2. Include a hidden nonce in the submission form whose value must be correct. Thus the attacker cannot just blindly send a submission on the strike of 9:00; the attacker has to obtain something from your server which is only available at 9:00 or later: the form markup containing the correct nonce, unique to their session.

3. Include a question in the form that must be correctly answered, but is likely hard to do for a robot. Of course, the question is different every day.
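A worked version of points 1 and 2 above, added here as an example and not code from the commenter: the nonce is only issued from 09:00, is HMAC-bound to the requesting session and day, is single-use, and the user is limited to one accepted entry per day. The key, session ids, and the in-memory sets standing in for a database are constructed assumptions.

```python
import hmac
import hashlib
import secrets
from datetime import datetime
from typing import Optional, Tuple

SERVER_KEY = b"constructed-demo-key-do-not-use"  # assumption: real key comes from config/KMS
OPEN_HOUR = 9  # the form (and its nonce) exists only from 09:00 onwards

# In-memory stand-ins for a database (assumption).
used_nonces = set()   # nonces already consumed, so a replay fails
submitted = set()     # (user_id, day) pairs that already have an accepted entry

def _tag(session_id: str, day: str, rnd: str) -> str:
    msg = f"{session_id}|{day}|{rnd}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_form_nonce(session_id: str, now: datetime) -> Optional[str]:
    """Hidden-field nonce for the form; None before opening time.
    rnd is unguessable and the tag binds it to this session and day, so a
    nonce copied from another session, or forged, is rejected on submit."""
    if now.hour < OPEN_HOUR:
        return None
    rnd = secrets.token_hex(8)
    return f"{rnd}.{_tag(session_id, now.date().isoformat(), rnd)}"

def accept_submission(user_id: str, session_id: str, nonce: str, now: datetime) -> Tuple[bool, str]:
    """Check the nonce (session-bound, single-use) and the one-entry-per-day rule."""
    day = now.date().isoformat()
    try:
        rnd, tag = nonce.split(".", 1)
    except ValueError:
        return False, "malformed nonce"
    if not hmac.compare_digest(tag, _tag(session_id, day, rnd)):
        return False, "nonce not issued for this session/day"
    if nonce in used_nonces:
        return False, "nonce replayed"
    if (user_id, day) in submitted:
        return False, "already submitted today"
    used_nonces.add(nonce)
    submitted.add((user_id, day))
    return True, "accepted"

def demo() -> list:
    """Walk through the cases the comment describes; returns the outcomes in order."""
    early, opening = datetime(2024, 5, 1, 8, 59), datetime(2024, 5, 1, 9, 0)
    out = [issue_form_nonce("sessA", early)]                                  # None: nothing to fetch yet
    nonce = issue_form_nonce("sessA", opening)
    out.append(accept_submission("alice", "sessB", nonce, opening)[0])      # nonce from another session
    out.append(accept_submission("alice", "sessA", nonce, opening)[0])      # genuine submission
    out.append(accept_submission("alice", "sessA", nonce, opening)[0])      # replay of the same nonce
    out.append(accept_submission("alice", "sessA", issue_form_nonce("sessA", opening), opening)[0])  # second entry today
    return out
```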