On Mon, Jun 07, 2010 at 01:25:28PM -0700, Brian Dunning wrote:

> Hey - It looks like a PHP form on my server is insecure and is being used to 
> send spam. This is Rackspace's best guess. The problem is there are SO MANY 
> forms on all the web sites on this server that it would be a nightmare task 
> to try and look at them all to be sure they're properly secured.
> Is anyone aware of a way to shortcut this process, maybe find out what 
> script(s) are being attacked to send the spam?

Assuming that the form is using the mail() function or something similar
to send the spam, add yourself as a recipient of the forms you manage.
Then you will see for sure if *your* forms are being used for spam.

If you find that your forms are being used to spam, implement CAPTCHA to
hinder bots. (Nothing will stop humans manually spamming via your
forms.) Very little short of this will stop bot spam. You could sanitize
form values and reject spam-like forms, but that's complicated and
error-prone. CAPTCHA is simpler.


Paul M. Foster

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to