Re: Block email inject spammers
- From: "François" <franc@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 6 Feb 2006 18:28:11 +0100
"Gordon Burditt" <gordonb.eiwt9@xxxxxxxxxxx> wrote in message
news:11uf04s9ocmvc08@xxxxxxxxxxxxxxxxxxxxx
>> if (ereg(":", $Name) || ereg(":", $From))
>>
>> If I validate my mail() headers thus, will this stop spammers being
>> able to abuse my mail form? If there is somebody who has a colon in
>> their name or email address, I have yet to meet them.
>
> Do not permit any variable used in constructing the arguments
> to the mail() function to contain line ending characters (\r or \n)
> except for the message body, and that only after you have provided
> a blank line to separate the headers from the body. You check
> this with PHP, *not* javascript (which can be removed from the
> spammer's copy of the form).
>
> Do not allow the form to specify any part of the to: or cc: address.

Hi Gordon,
Thanks for your input. I only have three user fields in the form. If I
expand the colon removal to all three fields that'll do the trick
won't it? They need the colon to inject spurious cc: or bcc:
addresses.
Many thanks
Franc
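
Gordon's advice above (reject \r and \n in anything that reaches a mail() header, and keep the recipient out of the form's control) could be implemented as follows. This is an added example, not part of the original thread: only $Name and $From appear in the post, while the Message field, the fixed recipient and subject, and the sample submissions are assumptions.

```php
<?php
// Added example, not code from the thread. Only $Name and $From appear in
// the original post; the Message field and both constants are assumptions.
const RECIPIENT = 'webmaster@example.com'; // fixed here, never read from the form
const SUBJECT   = 'Contact form message';  // fixed here as well

// Returns [to, subject, body, headers] ready for mail(), or throws.
function build_mail_args(array $form): array
{
    $name    = (string) ($form['Name'] ?? '');
    $from    = (string) ($form['From'] ?? '');
    $message = (string) ($form['Message'] ?? '');

    // Check the raw header-bound values before any trimming or cleanup.
    foreach (['Name' => $name, 'From' => $from] as $field => $value) {
        if (strpbrk($value, "\r\n") !== false) {
            throw new InvalidArgumentException("$field contains a line ending");
        }
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('From is not a valid address');
    }

    // Drop characters that would break the quoted display name.
    $display = str_replace(['"', '\\'], '', trim($name));
    $headers = "From: \"$display\" <$from>";

    // Only the body may span lines; mail() places it after the header block.
    $body = preg_replace('/\r\n|\r|\n/', "\r\n", $message);

    return [RECIPIENT, SUBJECT, $body, $headers];
}

// Constructed sample submissions: one clean, two with line endings in a header field.
$samples = [
    ['Name' => 'Ann Example', 'From' => 'ann@example.org', 'Message' => "Hi,\nsecond line"],
    ['Name' => 'Ann Example', 'From' => "ann@example.org\r\nX-Test: 1", 'Message' => 'Hi'],
    ['Name' => "Ann\nExample", 'From' => 'ann@example.org', 'Message' => 'Hi'],
];
foreach ($samples as $i => $form) {
    try {
        [$to, $subject, $body, $headers] = build_mail_args($form);
        echo "sample $i accepted: $headers\n"; // then: mail($to, $subject, $body, $headers)
    } catch (InvalidArgumentException $e) {
        echo "sample $i rejected: {$e->getMessage()}\n";
    }
}
```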