|
|
Posted by flamer die.spam@hotmail.com on 07/06/06 03:32
make sure you dont be lazy and use code like extract($_POST);
if your checking for things like sql injection or mail header
injections kill the script as soon as the error is found.. exit();
you cant do anything to stop it from happenign and i wouldnt worry,
just learn what holes people use and fix them in your scripts.
also to ensure that someone doesnt try and mass email make sure you
remove any commas from email addresses with str replace, or better yet
if the email address contains a comma.. exit();
flamer.
wayne wrote:
> I have a PHP email script running on two separate websites. Today, I
> received a form mail generated by the script from each site, with time
> stamps 10 minutes apart. The entered email address in each form is the
> same, but the REMOTE_ADDR reported is different.
>
> Doing a search of the IP Addresses generates many hits, the user
> apparently posts to many news groups.
>
> The postal address entered is in MA while the IP Address from the first
> entry has many log files posted of an address in MI.
>
> Is some one trying to probe the script for vulnerabilities? If so, what
> actions should I be considering?
>
> Thank you.
>
> --
> Wayne
> http://www.glenmeadows.us
> With or without religion, you would have good people doing good things
> and evil people doing evil things. But for good people to do evil
> things, that takes religion.
> -Steven Weinberg
Navigation:
[Reply to this message]
|