Re: [PHP] XSS via curl

2005-11-30 Thread Jochem Maas
Sandy Keathley wrote: My company uses a home-grown formmail script for clients groan, and someone is using curl to inject HTTP headers and spam email addresses, and turn it into an open relay. Yes, I know 1. cut out the ability for the poster (form submitter) to determine who is addressed.

Re: [PHP] XSS via curl

2005-11-30 Thread Chris Shiflett
Sandy Keathley wrote: My company uses a home-grown formmail script for clients groan, and someone is using curl to inject HTTP headers and spam email addresses, and turn it into an open relay. Yes, I know the right answer is to not use a formmail, but I don't make the rules here. Is there a way

Re: [PHP] XSS via curl

2005-11-30 Thread Silvio Porcellana [tradeOver]
Sandy Keathley wrote:
> Is there a way to detect that a script is being accessed by curl, and not by a browser? ENV ($_SERVER) variables won't work, as those can be forged.

Use a CAPTCHA test: http://en.wikipedia.org/wiki/Captcha

HTH, cheers!
Silvio