Re: webpage with php mail() function prone to spam?

Posted by Ric on 12/17/06 11:06

Vince Morgan wrote:
> "Vince Morgan" <vinhar@REMOVEoptusnet.com.au> wrote in message
> news:4584aba3$0$16557$afc38c87@news.optusnet.com.au...
>
>> How are they using 'contact us' for relay? I would think that the first
>> argument "to" should be a fixed value. Without being able to change that
>> they could only spam that one address.
>> However, the 'email this page' is another story.
>> You could check that the body, or subject, depending on how you set it up,
>> is a URL first. Then that the URL matches only those from your site.
>> Of course they could circumvent that but without knowing why the emails
>> aren't sending in the first place, it would be very difficult for them.
>> Hopefully difficult enough to make it altogether very unattractive.
>> Of course you wouldn't send back a page describing the reason for the
>> error :)
>> You could look at using a "captcha" image as well.
>> I'll be interested in reading others' solutions too.
>>
>> HTH
>> Vince Morgan
>>
>>
> A very naive reply. I should have examined header injection long ago.

If one allows header injection he should not develop any kind of software.

Basic principle: when a user has to fill in info, you tell him if the
input is within the expected range. When it comes to email, this means
checking if he entered name@domain.
You don't even have to know about header injection; you just have to
follow basic principles. The above would make sure there is no header injection.

> What I didn't know was far far more than I actually did know :)
> Sorry for the idiotic reply.
> Vince Morgan
>
>
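
An added example, not part of the original thread: one way to apply the input check described above to a contact form that calls mail(), with the fixed "to" address suggested in the quoted message. The function name, addresses, length limit and sample inputs are constructed for illustration.

```php
<?php
// Added example; names, addresses and sample inputs below are constructed.
const CONTACT_TO = 'webmaster@example.com';   // fixed recipient, never taken from the form

/**
 * Validate contact-form fields and build the arguments for mail().
 * Returns [to, subject, body, headers], or null if any field is rejected.
 */
function build_contact_mail(string $from, string $subject, string $body): ?array
{
    // Anything that ends up in a header line must not contain CR or LF.
    foreach ([$from, $subject] as $field) {
        if (preg_match('/[\r\n]/', $field)) {
            return null;
        }
    }
    // The sender must be a single name@domain address.
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Assumed limit for this example: non-empty subject, at most 200 bytes.
    if ($subject === '' || strlen($subject) > 200) {
        return null;
    }
    // The body is not a header; only its line endings are normalised to CRLF.
    $body = preg_replace('/\r\n|\r|\n/', "\r\n", $body);
    // The visitor's address goes into Reply-To only, after validation.
    $headers = 'From: ' . CONTACT_TO . "\r\n" . 'Reply-To: ' . $from;
    return [CONTACT_TO, $subject, $body, $headers];
}

// Constructed inputs: one ordinary, two carrying an extra header line.
$samples = [
    ['alice@example.org', 'Question', "Hello,\nplease call me."],
    ["alice@example.org\r\nBcc: list@example.net", 'Question', 'Hello'],
    ['alice@example.org', "Hi\nBcc: list@example.net", 'Hello'],
];
foreach ($samples as [$from, $subject, $body]) {
    $args = build_contact_mail($from, $subject, $body);
    if ($args === null) {
        echo "rejected\n";   // generic reply; the reason is not shown to the sender
        continue;
    }
    echo "accepted\n";
    // mail(...$args);       // real send left commented out so the example runs offline
}
```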

 
