|
|
Posted by Tommy on 09/13/05 17:58
"DrTebi" <drtebi@yahoo.com> wrote in message
news:pan.2005.09.12.22.05.02.5144@yahoo.com...
> On Sun, 11 Sep 2005 18:34:57 +0800, chris wrote:
>
>> I am currently having a problem with spammers
>> I have a form that sends the results using the PHP mail function to send
>> to
>> an email address.
>> in the form HTML I have set the maxlength = to restrict the length of the
>> input thinking this would solve the problem.
>> but the spammers are still managing to put in something like this
>> ----------------------------
>> This is a multi-part message in MIME format.
>> --===============1755057782==
>> Content-Type: text/plain; charset=\"us-ascii\"
>> MIME-Version: 1.0
>> Content-Transfer-Encoding: 7bit
>> rgdjuff
>> --===============1755057782==--
>> '>
>> Contact from the WEBSITE contact page
>> Details below;
>> Name: fdujixvavr@domain.com
>> Phone: fdujixvavr@domain.com
>> Email: fdujixvavr@domain.com
>> Content-Type: multipart/mixed; boundary=\"===============1755057782==\"
>> MIME-Version: 1.0
>> Subject: 6ccc5874
>> To: fdujixvavr@domain.com
>> bcc: jrubin3546@aol.com
>> From: fdujixvavr@domain.com
>> This is a multi-part message in MIME format.
>> --===============1755057782==
>> Content-Type: text/plain; charset=\"us-ascii\"
>> MIME-Version: 1.0
>> Content-Transfer-Encoding: 7bit
>> rgdjuff
>> --===============1755057782==--
>> IP: 66.135.xx.xxx
>> Comments: fdujixvavr@domain.com
>> -------------------------------------------------
>>
>>
>>
>> the normal layout of the email is like this
>>
>> -------------------------------------------------
>> Contact from the WEBSITE contact page
>> Details below;
>> Name:
>> Phone:
>> Subject:
>> Email:
>> IP: xxx.xxx.xxx.xxx
>> Comments:
>> --------------------------------------
>>
>> any suggestions would be great
>
> There is another way to avoid this. Just set a session cookie, and before
> sending out mail, check if that session cookie is still set. This will
> work as long as the spammer's script is not smart enough to use session
> cookies--it worked for me.
>
> E.g., in your contact.php script you have at the top:
> session_start();
> $_SESSION['mycookie'] = 'something';
>
> Then in your mail.php form you implement:
> session_start();
> if (isset($_SESSION['mycookie']) && $_SESSION['mycookie'] == 'something')
> {
> // your code to
> // send off mail
> } else {
> // submit did not come from contact.php script
> // where a session cookie should have been set
> exit;
> }
nice and smart solution ;)
cool
Navigation:
[Reply to this message]
|