Re: spammers abusing form

Posted by DrTebi on 11/25/03 11:26

On Sun, 11 Sep 2005 18:34:57 +0800, chris wrote:

> I am currently having a problem with spammers.
> I have a form that sends the results using the PHP mail function to send to
> an email address.
> In the form HTML I have set the maxlength = to restrict the length of the
> input, thinking this would solve the problem,
> but the spammers are still managing to put in something like this:
> ----------------------------
> This is a multi-part message in MIME format.
> --===============1755057782==
> Content-Type: text/plain; charset=\"us-ascii\"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> rgdjuff
> --===============1755057782==--
> '>
> Contact from the WEBSITE contact page
> Details below;
> Name: fdujixvavr@domain.com
> Phone: fdujixvavr@domain.com
> Email: fdujixvavr@domain.com
> Content-Type: multipart/mixed; boundary=\"===============1755057782==\"
> MIME-Version: 1.0
> Subject: 6ccc5874
> To: fdujixvavr@domain.com
> bcc: jrubin3546@aol.com
> From: fdujixvavr@domain.com
> This is a multi-part message in MIME format.
> --===============1755057782==
> Content-Type: text/plain; charset=\"us-ascii\"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> rgdjuff
> --===============1755057782==--
> IP: 66.135.xx.xxx
> Comments: fdujixvavr@domain.com
> -------------------------------------------------
>
>
>
> The normal layout of the email is like this:
>
> -------------------------------------------------
> Contact from the WEBSITE contact page
> Details below;
> Name:
> Phone:
> Subject:
> Email:
> IP: xxx.xxx.xxx.xxx
> Comments:
> --------------------------------------
>
> Any suggestions would be great.

There is another way to avoid this. Just set a session cookie, and before
sending out mail, check if that session cookie is still set. This will
work as long as the spammer's script is not smart enough to use session
cookies--it worked for me.

E.g., in your contact.php script you have at the top:
    session_start();
    $_SESSION['mycookie'] = 'something';

Then in your mail.php form you implement:
    session_start();
    if (isset($_SESSION['mycookie']) && $_SESSION['mycookie'] == 'something') {
        // your code to
        // send off mail
    } else {
        // submit did not come from contact.php script
        // where a session cookie should have been set
        exit;
    }

Hope that helps,
DrTebi
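
Added example, not part of DrTebi's post: the session check above with a random per-session token instead of a fixed string, plus a CR/LF check on the fields that reach the mail headers, which is what lets the quoted spam smuggle in its `bcc:` line. The field names and the `form_token` key are assumptions, since the form's markup is not shown; in a real script pass `$_SESSION` and `$_POST` to these functions.

```php
<?php
// Added example. Field names and 'form_token' are assumed, not from the post.

// contact.php side: store an unpredictable token in the session and
// echo the returned value into a hidden <input> of the form.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(16));
    return $session['form_token'];
}

// mail.php side: the submitted token must match the one in the session.
function token_is_valid(array $session, array $post): bool
{
    return isset($session['form_token'], $post['form_token'])
        && is_string($post['form_token'])
        && hash_equals($session['form_token'], $post['form_token']);
}

// Values passed to mail() as $to, $subject or $additional_headers must not
// contain CR or LF, otherwise the sender can append headers such as "bcc:".
function header_fields_with_newlines(array $post, array $headerFields): array
{
    $bad = [];
    foreach ($headerFields as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || preg_match('/[\r\n]/', $value)) {
            $bad[] = $field;
        }
    }
    return $bad;
}

// Constructed sample submission, modelled on the quoted spam.
$session = [];
$post = [
    'form_token' => issue_form_token($session),
    'name'       => 'fdujixvavr@domain.com',
    'email'      => "fdujixvavr@domain.com\r\nbcc: someone@example.invalid",
    'subject'    => '6ccc5874',
    'comments'   => "body text may\r\ncontain line breaks",
];

$bad = header_fields_with_newlines($post, ['name', 'email', 'subject']);
if (!token_is_valid($session, $post) || $bad !== []) {
    echo 'rejected, bad fields: ' . implode(', ', $bad) . PHP_EOL;
} else {
    echo 'ok to call mail()' . PHP_EOL;
}
```

The `maxlength` attribute is enforced only by the browser, so the length and newline checks have to run on the server as well.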

 
