Posted by Java Boy on 11/17/08 11:34
REMOTE_ADDR will only show the proxy IP; use X-Forwarder for that matter.
--
Geeks Home
www.fahimzahid.com
"Kim André Akerø" <kimandre@NOSPAMbetadome.com> wrote in message
news:405pv9F1851ccU1@individual.net...
> Erwin Moller wrote:
>
> > xmp333@yahoo.com wrote:
> >
> > > Hello,
> > >
> > >
> > > A spammer is apparently using email injection on my form, however
> > > I thought email injection requires manipulation of the headers
> > > parameter in mail() and I'm not using that parameter. My mail call
> > > looks like:
> > >
> > > mail($to,$subj,$body)
> > >
> > > So how is the spammer getting me? Is mail() translating to a raw
> > > stream so that headers can be inserted in the body, or is there some
> > > kind of buffer overflow that can be exploited? Since I'm using
> > > dynamic variables, I can't see how this would occur, but then I'm
> > > no PHP expert.
> > >
> > > Any help would be greatly appreciated. I know beefing up input
> > > validation should take care of this, but I want to understand what
> > > the spammer is doing so I can reproduce and validate this fix.
> > >
> >
> > Hi,
> >
> > Log $to, $subj, $body somewhere (flatfile or database).
> > Check after spamming what the spammer did.
>
> And while you're at it, don't forget to include the IP address of the
> offender as well (environmental variable REMOTE_ADDR).
>
> --
> Kim André Akerø
> - kimandre@NOSPAMbetadome.com
> (remove NOSPAM to contact me directly)
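
An added example, not code from anyone in the thread: it combines the logging suggested above (the three mail() arguments plus REMOTE_ADDR) with a check for line breaks in the values that mail() places in the To: and Subject: headers. The thread does not establish how the spammer got in; the example assumes the form copies visitor input into $to or $subj. The function names, log path and sample values are hypothetical.

```php
<?php
// Added example. guarded_mail(), audit_line(), has_header_break() and the
// log path are hypothetical names, not part of PHP or of the poster's form.

/** True if a value bound for a mail header contains CR, LF or NUL. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/**
 * Build one audit line. JSON encoding escapes CR/LF, so a hostile value
 * cannot start a forged entry in the log file itself.
 */
function audit_line(string $ip, string $to, string $subj, string $body): string
{
    $fields = ['ip' => $ip, 'to' => $to, 'subj' => $subj, 'body' => $body];
    return date('c') . ' ' . json_encode($fields, JSON_INVALID_UTF8_SUBSTITUTE) . "\n";
}

/**
 * Log every submission, then refuse any whose $to or $subj carries a line
 * break. The caller passes $_SERVER['REMOTE_ADDR'] as $ip.
 */
function guarded_mail(string $to, string $subj, string $body, string $ip, string $logFile): bool
{
    file_put_contents($logFile, audit_line($ip, $to, $subj, $body), FILE_APPEND | LOCK_EX);
    if (has_header_break($to) || has_header_break($subj)) {
        return false; // rejected before mail() is called
    }
    return mail($to, $subj, $body);
}

// Constructed sample input: a subject field with a second header line appended.
$subj = "Hello\r\nBcc: someone@example.invalid";
var_dump(has_header_break($subj));         // subject containing CRLF
var_dump(has_header_break('Hello there')); // ordinary subject
echo audit_line('203.0.113.5', 'owner@example.invalid', $subj, 'test body');
```

Because rejected submissions are logged before the check, the log still shows exactly what was sent, which is what the original poster wanted in order to reproduce the problem and validate the fix.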