dpeddle
Joined: Eons Ago
# Posts: 269
|
Posted: 09/12/2005 01:17 pm
One of my clients is getting hit with 100 fake emails filling out his webform every day using emails like ghsahas @ hisdomain.com
I have 2 ideas but need some help implementing them:
1) PHP function to check $Email to see if the domain is his domain.... if it is... reject the email. This is because all of the fakes use his domain name.
2) How to install a captcha (?) ... the image security script that many forms now use... I would like one that does not require a database.
|
 |
lizardz
Joined: Nov 12, 2004
# Posts: 1394
|
Posted: 09/12/2005 03:01 pm
Yes, I just had that problem, it's actually not that hard to fix.
I just added this code right before the main error detection component:
$error = '';
// ... get all the email form data ...
$ems = '';
// stop email server hacks
$ems .= $message;
$ems .= $subject;
$ems .= $address;
// the last two checks are in case they try using hex or other non standard characters
// (preg_match() replaces eregi(), which was removed in PHP 7)
if ( stristr( $ems, 'content-type:' )
  || stristr( $ems, 'multipart/mixed' )
  || stristr( $ems, 'boundary="' )
  || stristr( $ems, 'cc:' )
  || stristr( $ems, 'multi-part message in mime format' )
  || stristr( $ems, 'to:' )
  || preg_match( '/%[a-f0-9]/i', $ems )
  || stristr( $ems, '0x' ) )
{
    $error .= "<p>Don't bother</p>";
}
if ( $error )
{
    echo $error;
}
else
{
    // ... finish email sending ...
}
Those guys are using what's called email injection, where they simply inject into your form fields using an automated bot extra header information so your script can be used to send out spam.
There are other ways to deal with it, this one seems to be working fine.
Replace the ¦¦ with standard pipe characters, not broken.
[ Message was edited by: lizardz 09/12/2005 04:46 pm ]
|
 |
redgtsviper
Joined: Feb 27, 2006
# Posts: 3
|
Posted: 02/27/2006 07:26 pm
How can this be added to my code? I am new to PHP; it is still Greek to me.
Here is my code
<?php
$msg = "My Website Online Contact Submission\n";
$msg .= "Name: $name\n";
$msg .= "Comments: $emailAddress\n\n";
$msg .= "Comments: $phone\n\n";
$msg .= "Comments: $message\n\n";
// Edit if it is necessary
$to = "$toaddress";
$subject = "CONTACT PAGE FROM WEBSITE";
$mailheaders = "From: Website Submission Form <$emailAddress>\n";
$mailheaders .= "Reply-To:$Email_Address <$emailAddress>\n\n";
// Mail to address
mail ( $to, $subject, $msg, $mailheaders );
?>
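
An added example, not part of the original thread or any poster's code: one way to combine the injection screening from the reply above with idea 1 from the first post in a contact form like this one. It assumes PHP 7.1 or later; `OWN_DOMAIN`, `safe_header_email()`, `build_contact_mail()`, the `example.com` and `.test` addresses and the sample submissions are all hypothetical or constructed.

```php
<?php
// Added example; OWN_DOMAIN and both function names are hypothetical.
const OWN_DOMAIN = 'example.com';   // placeholder for the site's own domain

// Returns the address if it is safe to place in a mail header, else null.
// A CR or LF (raw or still URL-encoded) is what lets a bot begin a new
// header line such as "Bcc:", so any line break rejects the submission.
function safe_header_email(string $value): ?string
{
    if (preg_match('/[\r\n]|%0[ad]/i', $value)) {
        return null;
    }
    $value = trim($value);
    return filter_var($value, FILTER_VALIDATE_EMAIL) === false ? null : $value;
}

// Returns [to, subject, body, headers] for mail(), or null to reject.
function build_contact_mail(array $post, string $to): ?array
{
    $email = safe_header_email($post['emailAddress'] ?? '');
    if ($email === null) {
        return null;
    }
    // Idea 1 from the first post: the fakes all claim the site's own domain.
    $domain = strtolower(substr(strrchr($email, '@'), 1));
    if ($domain === OWN_DOMAIN) {
        return null;
    }
    // User text goes only into the body, which cannot create headers.
    $body  = "My Website Online Contact Submission\n";
    $body .= "Name: " . ($post['name'] ?? '') . "\nEmail: $email\n";
    $body .= "Phone: " . ($post['phone'] ?? '') . "\n\n";
    $body .= ($post['message'] ?? '') . "\n";
    // Fixed From address; the validated visitor address is only in Reply-To.
    $headers = "From: Website Submission Form <noreply@" . OWN_DOMAIN . ">\r\n"
             . "Reply-To: <$email>";
    return [$to, 'CONTACT PAGE FROM WEBSITE', $body, $headers];
}

// Constructed sample submissions (not real traffic).
$samples = [
    ['name' => 'Ann', 'emailAddress' => 'ann@customer.test', 'message' => 'Hi'],
    ['name' => 'Bot', 'emailAddress' => "x@customer.test\r\nBcc: list@spam.test"],
    ['name' => 'Bot', 'emailAddress' => 'ghsahas@example.com'],
];
foreach ($samples as $s) {
    $mail = build_contact_mail($s, 'owner@example.com');
    echo $mail === null ? "rejected\n" : "accepted\n";
    // if ($mail !== null) { mail(...$mail); }   // send only accepted mail
}
```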