You are here: Re: form processing spammed « PHP Programming Language « IT news, forums, messages
Re: form processing spammed

Posted by cmcnaught on 10/06/03 11:26

Thanks Gordon,
Good input.
This form input is not used for the database at present, in other areas
I use mysql_escape_string() or similar.
I think HTTP_REFERER can easily be spoofed
I am the reipient of the spam, the 'to' address is hidden, no problem
for anyone else, its the return address which is being randomized with
my domain name and posted into the form processor.
I want to avoid login for this application, I have several other sites
well protected with a encrypted password/session/cookie method.
I'm now thinking of a hidden variable which is filled in on the
onSubmit path from a javascript constant. That should make it a bit
harder to figure out with a script. Maybe concatenated from several
constants.
What do you think?
cj

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация