On 8/18/05, Cilliè <phake@xxxxxxxxxxxxxx> wrote:
> >> Notice that their "hack" contains a BCC to "mhkoch321@xxxxxxx". Perhaps
> >> this is an email account set up by the "hacker".
> >
> > sorry, i'm a bit in the dark here. how did they manage to fill in bcc?
> > you mean that someone can spam from your site by bcc'ing messages to
> > other mail accounts?
>
> whoops! got a bit carried away there. sorry. but wouldn't a simple check
> in the length of the job title field, or a regex or something be able to
> prevent this as well? come to think of it, simply replacing all @'s with
> <at> will also solve the problem ..

Yes, that should be enough. Actually, I am not _sure_ that his trick is
succeeding in every case. But I think that it was in mine, because as
soon as I started blocking, I got a nasty email.

Go put a regex in your forms!

Dotan
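
An added example, not part of the original thread: header injection of this kind relies on line breaks inside a form field that is copied into the message headers, so the check below rejects CR, LF and other control characters (plus over-long values) before anything reaches mail(). The field names (name, job_title, subject, email) and the sample submissions are constructed for illustration.

```php
<?php
// Added example: field names and sample data are constructed, not from the thread.

// True when $value is safe to place in a mail header: bounded length and
// no control characters (CR and LF are what would start a new header line).
function is_safe_header_value(string $value, int $maxLen = 100): bool
{
    if (strlen($value) > $maxLen) {
        return false;
    }
    // \x00-\x1F includes CR (\x0D) and LF (\x0A); \x7F is DEL.
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 0;
}

// Returns a list of error strings; an empty list means the form may be mailed.
function validate_contact_form(array $post): array
{
    $errors = [];
    foreach (['name', 'job_title', 'subject'] as $field) {
        if (!is_safe_header_value($post[$field] ?? '')) {
            $errors[] = "$field contains control characters or is too long";
        }
    }
    $email = $post['email'] ?? '';
    if (!is_safe_header_value($email)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    return $errors;
}

// Constructed submissions: one ordinary, one with an extra header line
// smuggled into the job title field.
$samples = [
    'ordinary' => ['name' => 'Ann Lee', 'job_title' => 'Engineer',
                   'subject' => 'Hello', 'email' => 'ann@example.com'],
    'injected' => ['name' => 'Ann Lee',
                   'job_title' => "Engineer\r\nBcc: someone@example.com",
                   'subject' => 'Hello', 'email' => 'ann@example.com'],
];

foreach ($samples as $label => $post) {
    $errors = validate_contact_form($post);
    echo $label . ': ' . ($errors ? 'rejected (' . implode('; ', $errors) . ')'
                                  : 'accepted') . "\n";
}
```

Rejecting the submission outright, rather than stripping characters and sending anyway, also leaves a log entry for each attempt.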