Posted by Thanks on 12/17/06 13:37
"Ric" <antispam@randometry.com> wrote in message
news:em38b0$1mp$1@online.de...
> Vince Morgan schrieb:
>> "Vince Morgan" <vinhar@REMOVEoptusnet.com.au> wrote in message
>> news:4584aba3$0$16557$afc38c87@news.optusnet.com.au...
>>
>>> How are they using 'contact us' for relay? I would think that the first
>>> argument "to" should be a fixed value. Without being able to change
>>> that
>>> they could only spam that one address.
>>> However, the 'email this page' is another story.
>>> You could check that the body, or subject, depending on how you set it
>>> up,
>>> is a URL first. Then that the URL matches only those from your site.
>>> Of course they could circumvent that but without knowing why the emails
>>> aren't sending in the first place, it would be very difficult for them.
>>> Hopefully difficult enough to make it altogether very unattractive.
>>> Of course you wouldn't send back a page describing the reason for the
>>> error :)
>>> You could look at using a "captcha" image as well.
>>> I'll be interested in reading others' solutions too.
>>>
>>> HTH
>>> Vince Morgan
>>>
>>>
>> A very naive reply. I should have examined header injection long ago.
>
> If one allows header injection he should not develop any kind of software.
>
> Basic principle: when a user has to fill in info, you tell him if the
> input is within the expected range. When it comes to email, this means
> checking if he entered name@domain.
> You don't even have to know about header injection; you just have to
> follow basic principles. The above would make sure there is no header
> injection.
>
>> What I didn't know was far far more than I actually did know :)
>> Sorry for the idiotic reply.
>> Vince Morgan
The company responsible for developing our website doesn't want to answer
our calls/emails about solving the problem.
I haven't checked whether the spam was caused by header injection or not
because I am not the technical support for our web server.
I only know the spam came in and technical support disabled the email server
link from the web server, and that stopped the spam.
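The two sides of what the thread discusses, as an added example in Python (not code from the thread or from the poster's site): the vulnerable pattern, where raw form fields are concatenated straight into mail headers so a CRLF in the sender field smuggles in a Bcc header and turns the form into a relay, and the checks that stop it, namely a fixed recipient that never comes from the form, Ric's strict name@domain check on the sender, a no-line-breaks rule for every other header field, and Vince's "email this page" rule that the URL must point at the site's own host. The form field names, the contact address sales@example.com and the site host www.example.com are assumptions; the sample submissions are constructed.

```python
"""Mail header injection through a web contact form, and the checks that stop it.

Added example, not code from the thread.  The form field names, the fixed
contact address and the site host below are assumptions.
"""
import re
from email import message_from_string
from urllib.parse import urlsplit

CONTACT_ADDRESS = "sales@example.com"   # assumed fixed recipient, never taken from the form
SITE_HOST = "www.example.com"           # assumed host for the "email this page" URL check

# Constructed sample form submissions (not taken from the thread).
HONEST_SUBMISSION = {
    "from": "reader@example.net",
    "subject": "Question about your product",
    "body": "Hello, I have a question.",
}
INJECTED_SUBMISSION = {
    # CRLF inside the sender field ends the From header early, smuggles in a
    # Bcc header with the spam targets, and starts a new body.  Everything the
    # form appends afterwards lands in that body and is no longer a header.
    "from": ("reader@example.net\r\n"
             "Bcc: victim1@example.org, victim2@example.org\r\n"
             "\r\n"
             "Buy now!"),
    "subject": "Question",
    "body": "ignored",
}


def build_message_naive(form):
    """Vulnerable pattern: raw form input concatenated straight into headers."""
    return (
        f"To: {CONTACT_ADDRESS}\r\n"
        f"From: {form['from']}\r\n"
        f"Subject: {form['subject']}\r\n"
        f"\r\n{form['body']}"
    )


def header_names(raw_message):
    """Parse the message as a mail server would and list the headers it sees."""
    return list(message_from_string(raw_message).keys())


# One name@domain token only.  CR and LF cannot match, so a value that passes
# cannot split the header (Ric's "name@domain" check).
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def is_valid_address(value):
    return ADDRESS_RE.fullmatch(value) is not None


def is_single_line(value):
    """Any field that lands in a header must be free of CR, LF and NUL."""
    return re.search(r"[\r\n\x00]", value) is None


def build_message_safe(form):
    """Hardened: the recipient is fixed and every header field is checked first."""
    if not is_valid_address(form["from"]):
        raise ValueError("sender must be a single name@domain address")
    if not is_single_line(form["subject"]):
        raise ValueError("subject must not contain line breaks")
    # The body may contain newlines: it sits after the blank line, so it can
    # never add headers.
    return build_message_naive(form)


def is_site_url(value):
    """'Email this page' check: the URL must point at this site's own host.

    urlsplit() yields the real host, so http://www.example.com@evil.example/
    (userinfo trick) and look-alike domains both fail the comparison.
    """
    parts = urlsplit(value)
    return parts.scheme in ("http", "https") and parts.hostname == SITE_HOST


if __name__ == "__main__":
    print("naive, honest:  ", header_names(build_message_naive(HONEST_SUBMISSION)))
    print("naive, injected:", header_names(build_message_naive(INJECTED_SUBMISSION)))
    print("safe, honest:   ", header_names(build_message_safe(HONEST_SUBMISSION)))
    try:
        build_message_safe(INJECTED_SUBMISSION)
    except ValueError as exc:
        print("safe, injected: rejected:", exc)
    for url in ("http://www.example.com/page.html",
                "http://www.example.com@evil.example/",
                "http://www.example.com.evil.example/"):
        print(url, "->", "allowed" if is_site_url(url) else "rejected")
```

Running the naive builder on the injected submission shows a Bcc header the form never meant to send; the hardened builder rejects the same input before anything reaches the mail server. The regex is deliberately stricter than RFC 5322 (no quoted local parts, no comments): for a contact form, refusing a few exotic but legal addresses is the right trade against accepting anything with a line break in it. As Vince notes, the rejection page should not explain why the message was refused.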