Posted by DrTebi on 11/05/03 11:26
On Sun, 11 Sep 2005 18:34:57 +0800, chris wrote:
> I am currently having a problem with spammers.
> I have a form that sends the results using the PHP mail function to send to
> an email address.
> In the form HTML I have set the maxlength = to restrict the length of the
> input, thinking this would solve the problem.
> But the spammers are still managing to put in something like this:
> ----------------------------
> This is a multi-part message in MIME format.
> --===============1755057782==
> Content-Type: text/plain; charset=\"us-ascii\"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> rgdjuff
> --===============1755057782==--
> '>
> Contact from the WEBSITE contact page
> Details below;
> Name: fdujixvavr@domain.com
> Phone: fdujixvavr@domain.com
> Email: fdujixvavr@domain.com
> Content-Type: multipart/mixed; boundary=\"===============1755057782==\"
> MIME-Version: 1.0
> Subject: 6ccc5874
> To: fdujixvavr@domain.com
> bcc: jrubin3546@aol.com
> From: fdujixvavr@domain.com
> This is a multi-part message in MIME format.
> --===============1755057782==
> Content-Type: text/plain; charset=\"us-ascii\"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> rgdjuff
> --===============1755057782==--
> IP: 66.135.xx.xxx
> Comments: fdujixvavr@domain.com
> -------------------------------------------------
>
>
>
> The normal layout of the email is like this:
>
> -------------------------------------------------
> Contact from the WEBSITE contact page
> Details below;
> Name:
> Phone:
> Subject:
> Email:
> IP: xxx.xxx.xxx.xxx
> Comments:
> --------------------------------------
>
> Any suggestions would be great.
There is another way to avoid this. Just set a session cookie, and before
sending out mail, check if that session cookie is still set. This will
work as long as the spammer's script is not smart enough to use session
cookies--it worked for me.
E.g., in your contact.php script you have at the top:

    session_start();
    $_SESSION['mycookie'] = 'something';

Then in your mail.php form you implement:

    session_start();
    if (isset($_SESSION['mycookie']) && $_SESSION['mycookie'] == 'something') {
        // your code to
        // send off mail
    } else {
        // submit did not come from contact.php script
        // where a session cookie should have been set
        exit;
    }

Hope that helps,
DrTebi
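
Added example, not part of DrTebi's post: the same session check, extended to a random single-use token instead of a fixed marker, plus a rejection of line breaks in any field that ends up in a mail header, which is what lets the quoted spam append its own bcc: line. The function names and the form_token field are assumptions made for this sketch.

```php
<?php
// Added example; function and field names are hypothetical.

// contact.php side: store a random single-use token in the session and
// return it so it can be placed in a hidden form field.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(16));
    return $session['form_token'];
}

// mail.php side: accept the submission only if the posted token matches the
// one stored for this session, then discard it so it cannot be replayed.
function token_is_valid(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? '';
    $given    = $post['form_token'] ?? '';
    unset($session['form_token']);
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// A value destined for a mail header must be a single line: a CR or LF in it
// is what allows extra headers to be appended after the intended one.
function is_single_line(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 0;
}

// Demo with constructed input; plain arrays stand in for $_SESSION and $_POST.
$session = [];
$token   = issue_form_token($session);

$clean = ['form_token' => $token, 'email' => 'visitor@example.com'];
$spam  = ['form_token' => 'guess',                       // no valid session token
          'email' => "x@example.com\r\nbcc: other@example.com"]; // constructed

// Legitimate submission: token matches and the email field is one line.
var_dump(token_is_valid($session, $clean) && is_single_line($clean['email']));

// Scripted submission: wrong token, and the field carries an extra header line.
$token = issue_form_token($session);
var_dump(token_is_valid($session, $spam) && is_single_line($spam['email']));
```

In a real handler, issue_form_token($_SESSION) would run in contact.php after session_start(), and both checks would run in mail.php before mail() is called.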