Re: php mail form and spam

Posted by shimmyshack on 04/21/07 14:57

On Apr 21, 3:02 pm, Drazen Gemic <trench...@yahoo.com> wrote:
> I have a feedback form on my site. People can fill in the fields and
> the message is sent to me using the 'mail' function, after the form gets
> submitted (POST).
>
> The fields are subject, from and text. 'subject' is optional, the others
> are mandatory. The PHP script that handles the form input takes into account
> predefined field names only.
>
> The problem is that someone is sending me spam using that form. I
> don't believe that they target me specifically. It is more likely that
> some automated robot is doing that. I tried to change field names, but
> still getting the messages. I checked the message source, and they are
> coming from the form.
>
> My question is how they can guess the field names and determine which
> means what by an automated process? I guess they can parse the HTML form to
> get names, but how can they put values in the proper fields? Are they
> using trial and error? I should get messages with text in the subject
> field, too, then, but I don't.
>
> It is possible that someone is sending messages by hand, but who
> could be such an idiot?
>
> DG

More likely the script assumes an order, and that the textarea is the
body, with the others being subject and from. It's common. Things might
be worse than you know: has the form been used to send email to any
other address using header injection? Do you take steps to stop header
injection? Search this group for your problem; it was dealt with
in depth only a month ago. When you say "from", do you mean an email
address or a name? If an email address, do you validate it? By requiring
a valid email address, which you then validate and which uses a
non-standard input name, you might at least require that their script has
to step up a notch.

In general there is one easy way to defeat this: don't worry about it,
just use antispam on your home machine to identify and stop the spam
posts which contain links to known stuff on DNSBL. SpamPal is good
for this, and others which use SpamAssassin / Bayesian statistical
methods.
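
The two checks raised in the reply above (stopping header injection and validating the "from" address), as an added example that is not part of the original thread. The field names follow the original post; `RECIPIENT`, `SENDER`, the helper names and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Field names follow the post
// (subject, from, text); the addresses below are constructed placeholders.
const RECIPIENT = 'owner@example.com';
const SENDER    = 'webform@example.com';

// CR or LF inside a header value is what lets a submission add its own headers.
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns the arguments for mail(), or null when the submission is rejected.
function build_message(array $post): ?array
{
    $from    = (string)($post['from'] ?? '');
    $subject = (string)($post['subject'] ?? '');
    $text    = (string)($post['text'] ?? '');

    if (has_line_break($from) || has_line_break($subject)) {
        return null;                       // header injection attempt
    }
    $from = trim($from);
    if ($text === '' || filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;                       // mandatory field missing or invalid
    }
    $subject = trim($subject) !== '' ? trim($subject) : 'Feedback form';
    // The visitor's address goes only into Reply-To; From stays fixed.
    $headers = 'From: ' . SENDER . "\r\n" . 'Reply-To: ' . $from;
    return [RECIPIENT, $subject, $text, $headers];
}

// Constructed sample submissions.
$samples = [
    'valid'       => ['from' => 'visitor@example.org', 'subject' => 'Hello', 'text' => 'Nice site'],
    'bad address' => ['from' => 'not-an-address', 'text' => 'Nice site'],
    'line break'  => ['from' => "visitor@example.org\r\nBcc: other@example.net", 'text' => 'x'],
];
foreach ($samples as $name => $post) {
    $args = build_message($post);
    echo $name, ': ', $args === null ? 'rejected' : 'accepted', "\n";
    // In the real handler: if ($args !== null) { mail(...$args); }
}
```

Only the first sample is accepted. The recipient is a constant, so no submitted value can change where the message goes.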

 
