|
|
Posted by Don Khuth on 03/13/06 01:41
I've been receiving spam on my site lately as well, mainly comment spams.
I had to resort to adding a turing number. This number changes with every
refresh of the page. What I found out was that someone was automatically
using a script to post to my PHP script to send garbage onto my blog. Adding
the turing numbers meant that they had to be on my site, typing the new
numbers
everytime they use the form.
I would generate a random turing number and echo that number on the form and
then store it in a session variable. So when the form posts to a PHP script,
it will test
to see if the turing number posted matches the turing number in the session
variable.
After adding the turing number, I haven't seen a single spam on my blog.
Hope that helps.
Don
>-------------------------------------------
"Brian" <not@given.com> wrote in message
news:mG_Qf.2015$ZJ2.197@newsfe6-gui.ntli.net...
> Hi all
>
> Over the past few weeks I have been getting spam sent
> to myself via my site. Who ever is doing it is sending
> spam via my form process script. I have a standard
> form that gets pasted to a PHP script that formats it and
> sends it to me.
>
> I was using the following
>
> $body = "The body of the email";
> $to = "address@domain.com" ;
> $subject = "Enquiry Form";
> $headers = "MIME-Version: 1.0\n";
> $headers .= "Content-type: text/html; charset=iso-8859-1\n";
> $headers .= "From:$Email <$Contact_Name>\n";
> mail($to, $subject, $body, $headers);
>
> Because of all the trouble I have now removed
> $headers .= "From:$Email <$Contact_Name>\n"; but
> still get loads of spam just not as emails, they are now formateed
>
> I am running a strip_tags() on all the info that comes into
> the script and would have thought it would stripped out the crap?
>
> Is there any way to say only run the script if it was posted from a
> given domain (eg mine), I'm hopping that this will stop the spamming?
>
> Thanks
>
> Brian
>
>
Navigation:
[Reply to this message]
|