Note: This guide describes Kentico CMS version 7. Unfortunately, we cannot support this guide from version 8 forward. Go to latest documentation

Skip to end of metadata
Go to start of metadata

Flood control is a form of spam prevention on forums and similar community services. It prevents the users from making posts to the forum in quick successions. The users usually have to wait for a short time period before making another post. This mechanism prevents spambots from flooding the forum with unsolicited messages.

Whenever a user makes a post, the mechanism checks, if the minimal time interval between posts has been exceeded. If the interval has been exceeded, the post is not saved. The checks can be performed against:

  • userID (User based) - default for logged-in users.
  • IP (IP based) - default for users that are not logged-in.

You can change the default settings using the CMSUserBasedFloodProtection web.config key:

<add key="CMSUserBasedFloodProtection" value="true"/>

Supported modules

The flood protection is supported in these modules:

  • Blogs (comments)
  • Forums (posts)
  • Message boards (posts)
  • Messaging (sending messages)

This mechanism works across modules, so if a user gets blocked after posting comments on blogs, the user is also blocked on Forums, Message boards and in the Messaging module.

Do not forget to use CAPTCHA

Besides securing these modules using the flood protection, you should also include a CAPTCHA field in the comment, post and message forms.

Enabling and configuring the flood protection

You can enable the flood protection functionality in Site Manager -> Settings -> Security & Membership -> Protection -> Flood protection section.

Using the Flood protection interval, you can set the minimum time interval (in seconds) before the user can make another post.

 

On this page

Chat module

The Chat module has its own flood protection system. It is more complex and granular. The checks are performed when the user:

  • creates a room,
  • joins a room,
  • posts a message,
  • changes the nickname.

The checks are performed against the chat user ID. This module also has its own flood protection settings at Site Manager -> Settings -> Community -> Chat:

Flood protection integration

If you want to integrate this mechanism in your own code or module, use the FloodProtectionHelper.CheckFlooding method:

if (FloodProtectionHelper.CheckFlooding(CMSContext.CurrentSiteName, CMSContext.CurrentUser))
{
	// Don't save the message, display information about flooding to the user
}


// Save the message and continue
  • No labels