On Wed, August 9, 2006 3:17 pm, Micky Hulse wrote:
> Recently, a client of mine was getting a ton of spam email from a site
> called hotbox.com. I updated her form to one with more spam security,
> but she is still receiving junk email.

If you are not already, PLEASE make sure that any headers you pass in to mail(), including the "to", "subject", and "headers" args (1, 2, and 4 args) do *NOT* have any newlines in the user-input data.

Cuz if you ain't doing that, you're not just letting them spam your client, but also letting them inject spam to ALL OF US!

Don't do that. :-)

> Anyone feel like sharing code snippets that will help beef-up spam
> protection for a contact script?

I also just trash anybody trying to send HTML "enhanced" (cough, cough) email through the website form -- You KNOW only a spammer is going to sit there and type HTML into an email form on a website.

    if (strip_tags($body) != $body) {
        die("spammer");
    }

> Do you all enable a CAPTCHA system?

I did on one site that was just getting pounded -- Actually it was a guestbook with site-owner approval, so the junk never went public, but that didn't stop the automated spammers from trying anyway, and the client sure didn't want to scroll through hundreds of "posts" to find the one real one. Sigh.

I *hate* CAPTCHA for various reasons, but I was stuck for any other solution that would stop the junk...

YMMV

--
Like Music?
http://l-i-e.com/artists.htm
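
The two checks from the reply above (no newlines in anything passed as mail() args 1, 2 or 4, and no HTML in the body) combined into one validation step, as an added example that is not part of the original post. The form field names, the addresses and the Reply-To header are assumptions made for illustration.

```php
<?php
// Added example: field names, addresses and the Reply-To header are assumptions.

/** True if the value contains CR, LF or NUL, i.e. could start a new header line. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/** Returns the four mail() arguments, or null if the submission must be dropped. */
function build_mail_args(array $form, string $to): ?array
{
    // Reject non-string input such as email[]=x before any string handling.
    foreach (['email', 'subject', 'body'] as $field) {
        if (!isset($form[$field]) || !is_string($form[$field])) {
            return null;
        }
    }
    $email   = trim($form['email']);
    $subject = trim($form['subject']);
    $body    = $form['body'];

    // Anything that ends up in args 1, 2 or 4 of mail() must be a single line.
    foreach ([$to, $email, $subject] as $headerValue) {
        if (has_header_break($headerValue)) {
            return null;
        }
    }
    // The address goes into a header, so it must also be one plain address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The reply's rule: a body that changes under strip_tags() is dropped.
    if (strip_tags($body) !== $body) {
        return null;
    }
    return [$to, $subject, $body, "Reply-To: $email"];
}

// Constructed sample submissions, not real traffic.
$samples = [
    'plain'    => ['email' => 'visitor@example.com', 'subject' => 'Hello', 'body' => 'Question about prices.'],
    'injected' => ['email' => "visitor@example.com\r\nBcc: list@example.net", 'subject' => 'Hello', 'body' => 'Hi'],
    'html'     => ['email' => 'visitor@example.com', 'subject' => 'Hello', 'body' => '<a href="http://example.net">x</a>'],
];
foreach ($samples as $name => $form) {
    $args = build_mail_args($form, 'owner@example.org');
    // On success the caller would run mail(...$args).
    echo $name, ': ', $args === null ? 'rejected' : 'accepted', "\n";
}
```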