Quick note to Kevin Waterson:

Hehe, I think all this talk about spam sent my response to your reply into your spam filter... I got a bounce back. Thanks for the help though... let me know if there is any way I can re-send the email without a bounce-back.

Richard Lynch wrote:
> If you are not already, PLEASE make sure that any headers you pass in
> to mail(), including the "to", "subject", and "headers" args (1, 2,
> and 4 args) do *NOT* have any newlines in the user-input data.

Sounds good to me. Thanks for pointing that out.

I just found this link:

*Form Post Hijacking*
<http://www.anders.com/projects/sysadmin/formPostHijacking/>

Looks like the above article mentions the same thing and proposes this as a fix:

$_POST['email'] = preg_replace("/\r/", "", $_POST['email']);
$_POST['email'] = preg_replace("/\n/", "", $_POST['email']);

This is another good one:

*Email Injection*
<http://www.securephpwiki.com/index.php/Email_Injection>

> Cuz if you ain't doing that, you're not just letting them spam your
> client, but also letting them inject spam to ALL OF US!
> Don't do that. :-)

Man, spammers suck!!!!! I just had someone take over my own domain a couple weeks ago... thank god for SpamAssassin and cPanel! :D

> I also just trash anybody trying to send HTML "enhanced" (cough,
> cough) email through the website form -- You KNOW only a spammer is
> going to sit there and type HTML into an email form on a website.
> if (strip_tags($body) != $body) { die("spammer"); }

Ahh, good point. So, with the above line, you are saying:

If the message body stripped of all HTML tags is not equal to the message body, then kill the script? Ah, makes perfect sense... a great way to test for HTML spam. Thanks for sharing! :D

Do you all enable a CAPTCHA system?

> I did on one site that was just getting pounded -- Actually it was a
> guestbook with site-owner approval, so the junk never went public, but
> that didn't stop the automated spammers from trying anyway, and the
> client sure didn't want to scroll through hundreds of "posts" to find
> the one real one.  Sigh.

Man, that sucks. SMFing spammers. They really are annoying.

> I *hate* CAPTCHA for various reasons, but I was stuck for any other
> solution that would stop the junk...

Yeah, I would prefer to not set up a CAPTCHA too (although, I would like to learn how to script one)... hopefully implementing your (and everyone else's) great suggestions will really make my script hard to spam.

Thanks Richard, I really appreciate it... you are always very helpful and your advice is top-notch. :)

Cheers,
Micky

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
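
The two checks discussed in this thread (no newlines in anything that ends up in a mail() header argument, and no HTML in the body), combined into one validation step. This is an added example, not code from anyone in the thread; the function names, field names and sample submissions are hypothetical, and it rejects a value containing CR/LF instead of stripping it.

```php
<?php
// Added example: function names and sample data are hypothetical/constructed.

// True if the value contains a raw CR or LF, which would start a new
// header line when the value is used as a mail() to/subject/headers arg.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns the list of reasons to reject a submission (empty = acceptable).
function contact_form_errors(array $post): array
{
    $errors = [];
    foreach (['name', 'email', 'subject'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || $value === '') {
            $errors[] = "$field: missing";
        } elseif (has_header_break($value)) {
            $errors[] = "$field: contains a line break";
        } elseif ($field === 'email'
            && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[] = 'email: not a valid address';
        }
    }
    // The body is not a header, so newlines are fine there; HTML is not.
    $body = $post['body'] ?? '';
    if (!is_string($body) || $body === '') {
        $errors[] = 'body: missing';
    } elseif (strip_tags($body) !== $body) {
        $errors[] = 'body: contains HTML';
    }
    return $errors;
}

// Constructed sample submissions.
$samples = [
    'plain' => ['name' => 'Ann', 'email' => 'ann@example.com',
        'subject' => 'Hello', 'body' => "Hi,\nplease call me."],
    'line break' => ['name' => 'Ann', 'subject' => 'Hello', 'body' => 'Hi',
        'email' => "ann@example.com\r\nX-Added: constructed"],
    'html body' => ['name' => 'Ann', 'email' => 'ann@example.com',
        'subject' => 'Hello', 'body' => '<b>Hi</b> there'],
];
foreach ($samples as $label => $post) {
    $errors = contact_form_errors($post);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'ok for mail()', "\n";
}
```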
