 Posted by mantrid on 12/04/06 19:07 
Up to the other day I have not bothered protecting my PHP script on my 
feedback form against email injection. However, I have had a spammer using 
it to insert email addresses as cc: bcc: into my email field. First I was 
puzzled why he was doing it as the message being sent was just gibberish. I 
have recently used a function to protect these fields and send an email back 
to myself with his details. Function below: 
 
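  function spamcheck($spammed_field,$returnpage) { 
   // Lower-case once so the checks below are case-insensitive (eregi() was removed in PHP 7). 
   $spammed_field=strtolower($spammed_field); 
   // "cc:" also matches "bcc:", so no separate bcc check is needed. 
   if((strpos($spammed_field,"cc:")!==false)||(strpos($spammed_field,"subject:")!==false)) { 
    // Not every server sets these variables; default to an empty string. 
    $spamhost=$_SERVER['REMOTE_HOST'] ?? ''; 
    $spamrefr=$_SERVER['HTTP_REFERER'] ?? ''; 
    $spamaddr=$_SERVER['HTTP_X_FORWARDED_FOR'] ?? ''; 
    if(strlen($spamaddr)<7) { $spamaddr=$_SERVER['HTTP_CLIENT_IP'] ?? ''; } 
    if(strlen($spamaddr)<7) { $spamaddr=$_SERVER['REMOTE_ADDR'] ?? ''; } 
    // X-Forwarded-For and Client-IP are supplied by the client: strip line 
    // breaks before the value is used in the Subject header of the alert. 
    $spamaddr=str_replace(array("\r","\n"),'',$spamaddr); 
    $thisfile=$_SERVER['SCRIPT_NAME']; 
    $spamtext="FILE: $thisfile \nFROM: $spamrefr \nADDR: $spamaddr \nHOST: $spamhost \nINFO:\n$spammed_field\n"; 
    mail("spamcheck@mysite.co.uk","ALERT: $spamaddr",$spamtext,"From: IDD Software Spamcatcher <spamcheck@mysite.co.uk>\r\n"); 
    //echo(); 
    // Escape the return link so it cannot break out of the href attribute. 
    die("<br><br><div align='center' class='RedWarning'>If you are a spammer trying to inject script into my input fields, then go away and get a life<br>otherwise<br>Please try again as you may have included some incorrect characters.<br><br><a href='".htmlspecialchars($returnpage,ENT_QUOTES)."' class='BodyLink'>Return</a></div>"); 
   } 
  } 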
 
This function should cause the attempt to spam to die and send info about 
the spammer and the injected script to me, which it does brilliantly. But now 
I'm getting more of these notices of spamming than I was getting originally 
spammed messages, with many more emails in the cc: bcc: and a proper message 
(just sales stuff about tea oil). Why is he still attempting this if the 
spam is not working and being sent to the recipients? I have an appropriate 
message displayed when the spam is attempted. Is he stupid and just sitting 
there trying to spam my feedback form even though he is getting this message 
telling him to go away, or do you think there is some sort of automatic 
process being run on my webpage? 
 
Is there a way to return an email to him every time it's attempted? 
The function returns his address, e.g. ADDR: 203.198.162.124, but it changes 
every time. I don't know much about the antics and abilities of spammers (but 
learning). Can anyone tell me why he's still doing it?
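
An added example, not part of the original post: the function above looks for the keywords "cc:" and "subject:", but what lets a form value add headers at all is a line break (CR or LF) inside a field that ends up in the mail headers. The sketch below rejects line breaks and accepts only a single valid address; the field names, `validate_feedback()`, `send_feedback()` and the example.com addresses are assumptions for illustration.

```php
<?php
// Added example; field names and addresses are placeholders, not the poster's.

// True if a value bound for a mail header contains CR or LF, the characters
// that end one header line and start another (Cc:, Bcc:, Subject:).
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Check the header-bound fields of a submitted form; returns error strings.
function validate_feedback(array $form): array
{
    $errors = [];
    foreach (['name', 'email', 'subject'] as $field) {
        $value = $form[$field] ?? '';
        // Non-string input (e.g. email[]=x) is rejected outright.
        if (!is_string($value) || has_header_break($value)) {
            $errors[] = "$field contains a line break or is not text";
        }
    }
    if (filter_var($form['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a single valid address';
    }
    return $errors;
}

// Send only validated input. From: is fixed; the visitor's address goes in
// Reply-To, and the message text goes in the body, never in a header.
function send_feedback(array $form): bool
{
    if (validate_feedback($form) !== [] || !is_string($form['message'] ?? null)) {
        return false;
    }
    $headers = "From: Feedback form <feedback@example.com>\r\n"
             . "Reply-To: " . $form['email'] . "\r\n";
    return mail('owner@example.com', 'Feedback: ' . $form['subject'], $form['message'], $headers);
}

// Constructed sample submissions (no mail is sent by this demo).
$samples = [
    'clean'    => ['name' => 'Ann', 'email' => 'ann@example.com', 'subject' => 'Hello'],
    'injected' => ['name' => 'x', 'email' => "a@example.com\r\nBcc: b@example.net,c@example.net", 'subject' => 'Hi'],
];
foreach ($samples as $label => $form) {
    $errors = validate_feedback($form);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'ok', "\n";
}
```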
 
  