Re: webpage with php mail() function prone to spam?
Posted by Thanks on 12/17/06 13:37

"Ric" <antispam@randometry.com> wrote in message
news:em38b0$1mp$1@online.de...
> Vince Morgan schrieb:
>> "Vince Morgan" <vinhar@REMOVEoptusnet.com.au> wrote in message
>> news:4584aba3$0$16557$afc38c87@news.optusnet.com.au...
>>
>>> How are they using 'contact us' for relay? I would think that the first
>>> argument "to" should be a fixed value. Without being able to change that
>>> they could only spam that one address.
>>> However, the 'email this page' is another story.
>>> You could check that the body, or subject, depending on how you set it up,
>>> is a URL first. Then that the URL matches only those from your site.
>>> Of course they could circumvent that, but without knowing why the emails
>>> aren't sending in the first place, it would be very difficult for them.
>>> Hopefully difficult enough to make it altogether very unattractive.
>>> Of course you wouldn't send back a page describing the reason for the
>>> error :)
>>> You could look at using a "captcha" image as well.
>>> I'll be interested in reading others' solutions too.
>>>
>>> HTH
>>> Vince Morgan
>>>
>>>
>> A very naive reply. I should have examined header injection long ago.
>
> If one allows header injection he should not develop any kind of software.
>
> Basic principle: when a user has to fill in info, you tell him whether the
> input is within the expected range. When it comes to email, this means
> checking that he entered name@domain.
> You don't even have to know about header injection; you just have to
> follow basic principles. The above would make sure there is no header
> injection.
>
>> What I didn't know was far, far more than I actually did know :)
>> Sorry for the idiotic reply.
>> Vince Morgan

The company responsible for developing our website doesn't want to answer
our calls/emails about solving the problem.
I haven't checked whether the spam was caused by header injection or not,
because I am not the technical support for our webserver.
I only know the spam came in, and the technical support disabled the email server
link from the webserver, and that stopped the spam.
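As an added example (not code from anyone in this thread), here is what the two pieces of advice above look like in PHP: the "to" address is a fixed value, the sender field is accepted only if it is a plain name@domain with no line breaks (so it cannot smuggle extra headers into mail()), and the "email this page" URL is accepted only if its host is your own site. The recipient address, the allowed host and the sample inputs are placeholders I made up for the demonstration.

```php
<?php
// Added example: hardening a PHP mail() contact form against header injection.
// Recipient and site host below are constructed placeholders, not real values.

const CONTACT_RECIPIENT = 'contact@example.com';   // fixed "to" argument
const SITE_HOST         = 'www.example.com';       // only URLs on this host may be mailed

// A header value must never contain CR, LF or NUL: those characters end the
// current header line, which is exactly how extra Bcc:/To: headers get injected.
function is_clean_header_value(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// Accept the sender only if it is a single, syntactically valid name@domain.
// Returns the trimmed address, or null if it should be rejected.
function validate_sender(string $email): ?string
{
    $email = trim($email);
    if (!is_clean_header_value($email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $email;
}

// For the "email this page" feature: the body must be a URL, and the URL's
// host must be our own site, so the form cannot be used to mail arbitrary text.
function validate_page_url(string $url): ?string
{
    $url = trim($url);
    if (!is_clean_header_value($url) || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($url);
    if (!isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    if (strtolower($parts['host']) !== SITE_HOST) {
        return null;
    }
    return $url;
}

// Contact form: fixed recipient, validated sender, subject checked for line breaks.
// Returns false silently on bad input; the page should not explain why (see thread).
function send_contact_message(string $from, string $subject, string $body): bool
{
    $sender = validate_sender($from);
    if ($sender === null || !is_clean_header_value($subject)) {
        return false;
    }
    $headers = 'From: ' . $sender . "\r\n" . 'Reply-To: ' . $sender;
    return mail(CONTACT_RECIPIENT, $subject, $body, $headers);
}

// "Email this page" form: sender validated, body must be a URL on our own site.
function send_page_link(string $from, string $url): bool
{
    $sender  = validate_sender($from);
    $pageUrl = validate_page_url($url);
    if ($sender === null || $pageUrl === null) {
        return false;
    }
    $headers = 'From: ' . $sender;
    return mail(CONTACT_RECIPIENT, 'A page from ' . SITE_HOST, $pageUrl, $headers);
}

// Constructed sample inputs to show what the validators accept and reject.
$samples = [
    'alice@example.org',                       // valid
    "alice@example.org\r\nBcc: x@example.net", // line break: rejected
    'not an address',                          // malformed: rejected
];
foreach ($samples as $s) {
    printf("%-45s => %s\n", json_encode($s), validate_sender($s) === null ? 'rejected' : 'accepted');
}
foreach (['http://www.example.com/page.php', 'http://other.example.net/'] as $u) {
    printf("%-45s => %s\n", $u, validate_page_url($u) === null ? 'rejected' : 'accepted');
}
```

FILTER_VALIDATE_EMAIL already refuses addresses containing line breaks, but the explicit CR/LF/NUL check is kept so the same rule covers the subject and any other value that ends up in a header. Note that the message body is not a header and may contain line breaks; what it must not do is reach mail() as the fourth argument.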

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация