Posted by nospam@example.com on 09/28/05 11:44
I've been getting the same kind of spam too. In my experience they are
almost always sent from different IP addresses so IP filtering wouldn't
make much difference. Filtering might also block legitimate feedback
from a user that wants to resend the form, let alone a group of users
using the same proxy server.

Here are some of my suggestions:

In the mail sending script, check if $_SERVER['HTTP_REFERER'] is in
fact what you are expecting it to be: the URL of the page(s) where the
form is displayed. This however can be spoofed, so it's no guarantee.

This may or may not be appropriate in your situation, but I blocked
every feedback sent from my own domain, since I'm not expecting mails
from people on my domain.

Give your field names unusual names. For example <input name="FGQS154"
/> and <textarea name="AG45EQZR"> instead of <input name="email" /> and
<textarea name="message">. This prevents these malicious scripts from
guessing what your form is all about.

If all else fails generate a random string which users have to enter in
a form field. Store the string in your session and when the form is
sent check if the user's entry matches the code stored. Ideally the
code is displayed as an image with the GD library. This solution might
not be very user friendly though, especially for a simple contact form.

mungos301@yahoo.com wrote:
> I have a feedback form on my web page using sendeal.php
> and almost every day I'm receiving mails from my web page
> with faked mail addresses as shown:
>
> sport3453@myweb.com
> sdgav234@myweb.com
> kjgkasdgak@myweb.com, etc...
>
> Can anybody help me to protect my feedback form from
> situations like this? I tried to change the name of the PHP script,
> change permissions, and variables (declaration)... no success.
>
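An added example, not part of the original post and not the poster's code, of the referer check and the session-stored code check suggested in the reply above. The form URL, the field name and the function names are assumptions, and a plain array stands in for $_SESSION so the script runs from the command line on constructed requests.

```php
<?php
// Hypothetical names throughout: FORM_URL, CODE_FIELD, issue_challenge, check_submission.
const FORM_URL   = 'https://www.example.com/feedback.php'; // assumed URL of the form page
const CODE_FIELD = 'KX72QPLM';                             // unusual field name, as suggested

// Called when the form page is rendered: store a random code in the session.
function issue_challenge(array &$session): string
{
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // no 0/O or 1/I look-alikes
    $code = '';
    for ($i = 0; $i < 6; $i++) {
        $code .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    $session['feedback_code'] = $code;
    return $code; // show this to the user as a GD image, not as page text
}

// Called by the mail-sending script before any mail is sent.
function check_submission(array $server, array $post, array &$session): string
{
    // Referer check: a cheap filter only, since the client controls this header.
    $referer = $server['HTTP_REFERER'] ?? '';
    if (strtok($referer, '?#') !== FORM_URL) {
        return 'reject: unexpected referer';
    }
    // Session check: the code is single-use, so clear it before comparing.
    $expected = $session['feedback_code'] ?? null;
    unset($session['feedback_code']);
    $given = $post[CODE_FIELD] ?? '';
    if (!is_string($expected) || !is_string($given)
        || !hash_equals($expected, strtoupper(trim($given)))) {
        return 'reject: code mismatch';
    }
    return 'accept';
}

// Constructed requests for illustration.
$session = [];
$code = issue_challenge($session);
$good = ['HTTP_REFERER' => FORM_URL];
echo check_submission($good, [CODE_FIELD => $code], $session), "\n";  // user typed the code
echo check_submission($good, [CODE_FIELD => $code], $session), "\n";  // same code sent again
issue_challenge($session);
echo check_submission([], [CODE_FIELD => 'GUESS1'], $session), "\n";  // script with no referer
echo check_submission($good, ['message' => 'spam'], $session), "\n";  // script guessing field names
```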