Hi,
I think this may have been a post here but here is the code:
<?php
// email injection clean up.
function safermail($to, $subject, $body, $from)
{
    // Characters that can split a header line or separate several recipients.
    $bad  = array("\n", "\r", "\0", ",");
    $good = "?";
    // Replace them in every value that ends up in a mail header.
    $to      = str_replace($bad, $good, $to);
    $subject = str_replace($bad, $good, $subject);
    $from    = str_replace($bad, $good, $from);
    $addlhdr = "From: $from\r\nReply-To: $from\r\n";
    return mail($to, $subject, $body, $addlhdr);
}
//mail( "[EMAIL PROTECTED]", $subject, $body, "From: $email" );
safermail( "[EMAIL PROTECTED]", $subject, $body, $email );
?>
Basically you are removing the ability to send more than one email at
a time. So if a spam bot enters email, email, email, email,
email ...etc the script removes the delimiter and replaces it with an
illegal '?' so that your email server will throw a parsing error
and not send any email from the current request due to a malformed TO
or CC or BCC.
Sincerely,
Mike
--
Mike Brandonisio * IT Planning & Support
Tech One Illustration * Database Applications
tel (630) 759-9283 * e-Commerce
[EMAIL PROTECTED] * www.techoneillustration.com
On Jan 22, 2006, at 8:15 AM, Linux User wrote:
> Marian Briones wrote:
>> Hi gang
>> How do I prevent spam bots from exploiting php scripts that send
>> mail?
>>
>> Need to know...
>>
>> (SIGH)
>>
>> Happy New year by the way.
>>
>> Marian
>
> My script checks for proper domain, so far so good.
> $email = $_POST['email'];
>
> if($email) {
>     // take a given email address and split it into the username and domain.
>     list($userName, $mailDomain) = explode("@", $email);
>     if (checkdnsrr($mailDomain, "MX")) {
>         // this is a valid email domain!
>         // escape the address before it goes into the SQL string
>         $safe_email = mysql_real_escape_string($email, $conn);
>         $sql_mailings = "insert into Mailings(email) values('$safe_email')";
>         $res_mailings = mysql_query( $sql_mailings, $conn) or
>             die(mysql_error($conn));
>         echo("Email Added, thanks");
>     }
>     else {
>         // this email domain doesn't exist! bad dog! no biscuit!
>         echo("<br>Please enter a valid address!");
>         echo("<br><a href=\"$self\">Back</a>");
>     }
> }
> else{
>     echo (' <form method="post" action="'.$self.'" name="Mailing List">
>     <small>Add your email address<br>
>     <input maxlength="150" size="50"
>     name="email"><input name="Submit" value="submit"
>     type="submit"><br>
>     <span style="font-weight: bold; text-decoration: underline;">Privacy policy:</span> <br>
>     The address you enter will not be sold or given
>     away.</small><br></form>');
> }
>
>
>
> Community email addresses:
> Post message: [email protected]
> Subscribe: [EMAIL PROTECTED]
> Unsubscribe: [EMAIL PROTECTED]
> List owner: [EMAIL PROTECTED]
>
> Shortcut URL to this page:
> http://groups.yahoo.com/group/php-list
> Yahoo! Groups Links
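An added example, not part of the original posts: a variant of the safermail() idea above that rejects a submission outright when a header field contains CR, LF or NUL, or when the sender is not a single valid address, instead of rewriting it. The function names and sample addresses are constructed for illustration, and mail() is not called so the script runs offline.

```php
<?php
// Added example, not code from the thread. Names are hypothetical.

// True if the value contains a character that can end a header line.
function has_header_break($value)
{
    return preg_match('/[\r\n\x00]/', $value) === 1;
}

// Number of header lines a string would contribute if passed to mail().
function header_line_count($header)
{
    return count(preg_split('/\r\n|\r|\n/', rtrim($header, "\r\n")));
}

// Returns the argument list for mail(), or null if the input is rejected.
function build_contact_mail($to, $subject, $body, $from)
{
    foreach (array($to, $subject, $from) as $field) {
        if (has_header_break($field)) {
            return null; // CR, LF or NUL inside a header field
        }
    }
    // Require exactly one syntactically valid address (no "a, b" lists).
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return array($to, $subject, $body, "From: $from\r\nReply-To: $from\r\n");
}

// Constructed sample values for the form's "email" field.
$samples = array(
    'plain'    => 'visitor@example.com',
    'injected' => "visitor@example.com\r\nBcc: a@example.net, b@example.net",
    'list'     => 'a@example.net, b@example.net',
);

foreach ($samples as $label => $email) {
    // What the unfiltered call (commented out in the post) would build.
    $naive = header_line_count("From: $email");
    $args  = build_contact_mail('owner@example.org', 'Contact form', 'Hello', $email);
    if ($args === null) {
        echo "$label: naive header has $naive line(s); rejected, nothing sent\n";
    } else {
        // A real script would pass $args to mail() here.
        echo "$label: naive header has $naive line(s); accepted\n";
    }
}
```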