Tags: php, database, security, limit, user-generated-content

How to set limits for the amount of user-generated content per user


What is the best way to implement limits for users in applications like discussion boards, image hosting, etc.?

Let's say we want to set limits for StackOverflow. Anonymous users should be able to post 50 questions per 12h and registered users 100 per 12h.

I thought about creating a database and storing information about IPs/users and their posts. Data would be erased after 12h.

However, such a solution can be easily hacked. A single IP shouldn't generate more than 100 questions, but what if one user creates several accounts on the same IP? Every account has its own limit, so the user could generate an unlimited number of questions.

I would have to limit the number of accounts per IP (what about schools/other places with many users and a single IP?).


Solution

  • I could write on this topic for months. This is a super hard problem that is not solved with a single silver bullet...if this is a real problem for you, you'll solve it over and over as you move forward.

    If there is value in putting large amounts of content on your site, as you get to scale, bad guys will discover this and get around your defenses. You'll need to look at what they are doing, adapt and attack the problem differently. This is why the Gmail spam team still exists. :) Deep pockets, smart gals/guys on that team. If it were "solvable" they would have solved it by now.

    Doing something like what you describe above is a great start. I would also invest in instrumentation & push the data off to a platform where you can analyze it after the fact (ex: a Hadoop cluster). This way you can study the livesite traffic to see if you have a problem and, if so, learn about how they are doing it so you can adapt.

    Welcome to the Hotel California...where you can check out anytime you like but you can never leave.
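
The scheme from the question (per-account and per-IP counts over a 12-hour window) combined with the answer's advice to record every attempt for later analysis, as an added example that is not part of the original post. It uses Python with SQLite rather than PHP; the table name, function names and the aggregate per-IP cap value are assumptions made for illustration.

```python
import sqlite3
import time

WINDOW = 12 * 3600   # 12 h, as in the question
LIMIT_ANON = 50      # anonymous posts per IP per window (question's figure)
LIMIT_USER = 100     # posts per registered account per window (question's figure)
LIMIT_IP = 100       # assumed cap on all posts from one IP, across its accounts

COUNT = "SELECT COUNT(*) FROM post_attempts WHERE allowed = 1 AND ts > ? AND "

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS post_attempts (ts REAL NOT NULL, "
               "ip TEXT NOT NULL, user_id INTEGER, allowed INTEGER NOT NULL, "
               "reason TEXT NOT NULL)")
    db.execute("CREATE INDEX IF NOT EXISTS by_ip ON post_attempts (ip, ts)")
    db.execute("CREATE INDEX IF NOT EXISTS by_user ON post_attempts (user_id, ts)")
    return db

def _n(db, clause, since, key):
    # clause is one of the fixed fragments below, never user input
    return db.execute(COUNT + clause, (since, key)).fetchone()[0]

def try_post(db, ip, user_id=None, now=None):
    """Decide one post attempt; user_id is None for anonymous posters."""
    now = time.time() if now is None else now
    since = now - WINDOW
    if _n(db, "ip = ?", since, ip) >= LIMIT_IP:
        verdict = (False, "ip_limit")       # caps many accounts behind one IP
    elif user_id is None and _n(db, "ip = ? AND user_id IS NULL", since, ip) >= LIMIT_ANON:
        verdict = (False, "anon_limit")
    elif user_id is not None and _n(db, "user_id = ?", since, user_id) >= LIMIT_USER:
        verdict = (False, "user_limit")
    else:
        verdict = (True, "ok")
    with db:  # commit the decision; denied attempts are recorded too
        db.execute("INSERT INTO post_attempts VALUES (?, ?, ?, ?, ?)",
                   (now, ip, user_id, int(verdict[0]), verdict[1]))
    return verdict

def accounts_per_ip(db, now, min_accounts=2):
    """IPs where several accounts tried to post in the window (for review)."""
    return db.execute(
        "SELECT ip, COUNT(DISTINCT user_id) AS n FROM post_attempts "
        "WHERE ts > ? GROUP BY ip HAVING COUNT(DISTINCT user_id) >= ? "
        "ORDER BY n DESC, ip", (now - WINDOW, min_accounts)).fetchall()

def purge(db, now):
    """Erase rows that have left the window; returns how many were removed."""
    with db:
        return db.execute("DELETE FROM post_attempts WHERE ts <= ?",
                          (now - WINDOW,)).rowcount
```

Under concurrent requests the count and the insert need to run in one transaction or under a lock. Export rows to the analysis platform before calling `purge`, and tune `LIMIT_IP` for shared networks such as schools.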