Your method would not stop a DOS attack. A DOS attack does not need to post messages. All it needs to do is simply load a page, over and over and over and over..... And, your program would not be able to do anything about it anyway. A DOS attack can even be carried out by calling non-existent pages on the website. The only help is at the server/router level at the host provider.

http://en.wikipedia.org/wiki/Denial-of-service_attack

ALL websites are vulnerable to attack from a compromised password. Your idea of a timeout between posts is a known method of controlling that possibility. It is incorporated in modern advanced BBS software as a setting in the admin controls. But again, this won't stop a DOS attack.

BTW, in any program that depends on user input, when you detect an error condition the worst thing to do is nothing at all. You want your program to always be in control of errors and to actually do something useful, even if it's simply to generate an error message. Can you imagine an airliner just ignoring the pilot and doing nothing at all when he accidentally inputs a wrong code into the navigation computer?

Brian