|
|
Posted by Ken Robinson on 10/13/28 11:26
"chris" <someone@here.com> wrote in news:43240852$1@dnews.tpgi.com.au:
> I am currently having a problem with spammers
> I have a form that sends the results using the PHP mail function to
> send to an email address.
> in the form HTML I have set the maxlength = to restrict the length of
> the input thinking this would solve the problem.
> but the spammers are still managing to put in something like this
These guys are not using your forms directly, they did a screen scrape
and are trying different ways of getting your form to send spam.
Here's what I have been posting on other forums when people ask about the
problem:
I use the following function
function checkit($name) {
return(str_replace(array("\r", "\n", "%OA", "%oa", "%OD", "%od",
"Content-Type:","BCC:","bcc:"), "", $name));
}
to render their attempts harmless.
I use the above function with:
$from = '"' . stripslashes(checkit($_POST['contactname'])) . '" <' .
stripslashes(checkit($_POST['Email'])) . '>';
$to = "your@hardcoded.emailaddres.here";
$headers = "From: " . $from . "\r\n";
$headers .= "Reply-To: " . stripslashes(checkit($_POST['Email'])) . "\r\n
\r\n";
@mail($to, "Subject goes here", $mail_body, $headers);
They are still trying, but they aren't succeeding to do anything
malicious. One of the attempts even put their code in my message
textarea, which wouldn't have done anything anyway since it was in
the body of the mail message.
Ken
Navigation:
[Reply to this message]
|