Posted by Phil on 05/02/07 05:52
Hi,
In my ongoing war on web-form spamming, I had a coder design a PHP mail
script that would blacklist IP numbers that included certain words or HTML
coding in their submission; alas, that didn't work. I couldn't run the mail
script from cgi-bin, so it's in a folder in my web root; not sure how secure
that is. I use an alias on the web form, so recipient = "1" triggers what I
thought was a private (unknown) email address coded into the PHP script. I
thought these scripts were not readable by anyone, but that they merely
executed on the server. I thought also that they might be sending contrived
"form submissions" (must be, because they leave out certain fields) directly
to the PHP script (which supposedly limits referers to my own domain!) ...
so I changed the email destination from something stupidly obvious like
guestbook@mysite.com to a mail address with a mixed hash of letters and
numbers, but ... today I got 5 new spams, arriving at my ingeniously devised
email address. Before I give up totally, am I missing something obvious
here? Can PHP scripts be read by anyone? Should I revert back to Matt's
formmail.pl and hope for the best?
Thanks for any PHP-wisdom.
Phil
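
The handler design described in the post, as an added example that is not part of the original post or the poster's script: because the script mails every POST it accepts to the address behind the alias, a sender never needs to know that address, so the checks that matter are on the submission itself (required fields present, known alias) rather than on the Referer header, which the client supplies. Field names, the alias table and the placeholder address are assumptions.

```php
<?php
// Added example, not the poster's script. Field names, alias table and address are assumptions.

// Alias table stays on the server; the form only ever sends recipient=1.
const RECIPIENTS = ['1' => 'placeholder@example.com'];

// Fields the real form always submits (assumed names).
const REQUIRED = ['recipient', 'name', 'email', 'message'];

// Returns [true, address] to mail the submission, or [false, reason] to drop it.
function check_submission(array $post, array $server): array
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [false, 'not a POST'];
    }
    // Posts sent straight to the script, bypassing the form, often omit fields.
    foreach (REQUIRED as $field) {
        $value = $post[$field] ?? null;
        if (!is_string($value) || trim($value) === '') {
            return [false, "missing field: $field"];
        }
    }
    if (!array_key_exists($post['recipient'], RECIPIENTS)) {
        return [false, 'unknown recipient alias'];
    }
    // HTTP_REFERER is not consulted: the client sets that header, so a
    // matching value does not show the request came from the site's form.
    return [true, RECIPIENTS[$post['recipient']]];
}

// Constructed sample requests; both carry a Referer naming the site's own form.
$server = ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'http://www.example.com/contact.html'];
$from_form = ['recipient' => '1', 'name' => 'Ann', 'email' => 'ann@example.org', 'message' => 'Hello'];
$direct    = ['recipient' => '1', 'message' => 'constructed spam body'];

foreach (['from_form' => $from_form, 'direct' => $direct] as $label => $post) {
    [$ok, $detail] = check_submission($post, $server);
    echo $label, ': ', $ok ? "deliver to $detail" : "drop ($detail)", "\n";
}
```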