Posted by Erwin Moller on 11/17/05 12:35

Angelos wrote:

> Hi,
>
> Because I am fed up with attacks on my form mail scripts I want to find a
> way to hack them my self and test it while I am developing it....
>
> Does anyone knows a good resource to learn how to hack my own forms ? or
> anything relative to security precautions
>
> Cheers

Hi Angelos,

That sucks. :-(
But it is hard to answer what to do if you don't give more details.

Where does the script send to?
I mean, do you set the 'to' field in your script and is the spammer somehow
adding new emailadresses to that?

What probably the best way to start defending yourself is:
- log all action on that script, and analyse them afterwards.
This can be done very easyly by storing the complete POST-part of the
requests in a file or database. (if you use post, otherwise take $_GET of
course)
Just serialize the whole $_POST, and write a script to display the content
of them, using unserialize and maybe just print_r().

Just study them afterwards, and I expect you will see what trick they use.
Then you know where to start.

Also: Store the IP adres of each request.

Knowledge is power.

just my 2 cents.

Good luck

Regards,
Erwin Moller

[Back to original message]