Posted by Erwin Moller on 11/17/05 12:35
Angelos wrote:
> Hi,
>
> Because I am fed up with attacks on my form mail scripts I want to find a
> way to hack them myself and test it while I am developing it....
>
> Does anyone know a good resource to learn how to hack my own forms? or
> anything relative to security precautions
>
> Cheers
Hi Angelos,
That sucks. :-(
But it is hard to answer what to do if you don't give more details.
Where does the script send to?
I mean, do you set the 'to' field in your script and is the spammer somehow
adding new email addresses to that?
Probably the best way to start defending yourself is:
- log all actions on that script, and analyse them afterwards.
This can be done very easily by storing the complete POST-part of the
requests in a file or database. (if you use post, otherwise take $_GET of
course)
Just serialize the whole $_POST, and write a script to display the content
of them, using unserialize and maybe just print_r().
Just study them afterwards, and I expect you will see what trick they use.
Then you know where to start.
Also: Store the IP address of each request.
Knowledge is power.
Just my 2 cents.
Good luck
Regards,
Erwin Moller
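
Added example, not part of Erwin Moller's post: one way to implement the logging he describes (serialize the whole `$_POST` with the client IP, then read it back with `unserialize` and `print_r`). The log path and all function names are assumptions, and the `allowed_classes` option requires PHP 7.0 or later.

```php
<?php
// Added example; FORM_LOG and the function names are hypothetical.
const FORM_LOG = '/var/log/formmail/requests.log'; // keep it outside the web root

// In the form mail script, before any mail is sent:
//   log_form_request($_POST, $_SERVER['REMOTE_ADDR']);
function log_form_request(array $post, string $ip, string $logFile = FORM_LOG): void
{
    $record = ['time' => gmdate('c'), 'ip' => $ip, 'post' => $post];
    // base64 keeps one record per line even when a field contains newlines.
    $line = base64_encode(serialize($record)) . "\n";
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
}

// Read the log back as an array of records, skipping damaged lines.
function read_form_log(string $logFile = FORM_LOG): array
{
    $records = [];
    $lines = @file($logFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: [];
    foreach ($lines as $line) {
        $raw = base64_decode($line, true);
        if ($raw === false) {
            continue;
        }
        // allowed_classes => false: never build objects from logged data.
        $record = unserialize($raw, ['allowed_classes' => false]);
        if (is_array($record) && isset($record['time'], $record['ip'], $record['post'])) {
            $records[] = $record;
        }
    }
    return $records;
}

// Requests per IP address, busiest first.
function count_by_ip(array $records): array
{
    $counts = array_count_values(array_column($records, 'ip'));
    arsort($counts);
    return $counts;
}

// Viewer: logged values are untrusted input, so escape them before display.
function render_form_log(array $records): string
{
    $out = '';
    foreach ($records as $r) {
        $out .= '<h3>' . htmlspecialchars($r['time'] . ' ' . $r['ip']) . "</h3>\n"
              . '<pre>' . htmlspecialchars(print_r($r['post'], true)) . "</pre>\n";
    }
    return $out;
}
```

Serve the viewer from a page that only you can reach, since the log holds everything visitors submitted.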