Re: Spam using email on website


Yikes, so besides disabling the mail() function, how do you check for all that?

Regards,

Bruce

>>> "Richard Lynch" <ceo@xxxxxxxxx> 8/11/2006 8:14 a.m. >>>
On Tue, November 7, 2006 12:42 am, Pieter du Toit wrote:
> I have a website that is being crawled or whatever and i have a
> submission
> form for an event.
>
> I keep on getting random mail from this form.
>
> I have even disabled the submit button on the form, but keep on
> getting it.
>
> What can i do?

Disable the mail() function bit in your code that processes the FORM
submission.

The Bad Guys are probably cramming your $subject and $from data with
an ENTIRE email, so your mail() function is, in effect, an Open
Relay.  (That's very very very bad.)

Example:
Normal Input
$subject = "Hi!";

Bad Guy Input
$subject = "Hi!\r\nCc: victim1@xxxxxxxxxxx\r\nvictim2@example.com";

If you do:
mail($to, $subject, $body);

then you are letting THEM control the headers of your email, which
lets them splice in 1000 recipients to their junk.

Plus they can also splice in MIME headers and a new body to send
virus-laden emails, and the $body you thought you were sending is just
tacked on to the end of their body.  Or not, if they splice in
something to convince SMTP to "end" the email at the end of their body
(which you've crammed into $subject in your mail() function call).

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch 
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php 
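An added example, not code from anyone in this thread: the check Bruce asks about. Because SMTP headers end at CRLF, any CR or LF a user slips into $subject or $from becomes a new header of their choosing, so the form handler below refuses those values (and URL-encoded %0a/%0d variants) before mail() is ever called. Function names and the sample inputs are my own; the "Bad Guy" subject is constructed after Richard's example.

```php
<?php
// Added example (not from the thread): reject header injection before mail().
// Any CR, LF or NUL inside a user-supplied header value lets the sender append
// their own headers (Cc:, Bcc:, MIME boundaries). Refuse such values outright
// instead of trying to clean them.

/**
 * True if $value is safe to place in a single mail header (Subject, From,
 * Reply-To ...): no CR, LF or NUL, and no URL-encoded CR/LF either.
 */
function isSafeHeaderValue(string $value): bool
{
    if (preg_match('/[\r\n\x00]/', $value)) {
        return false;           // raw line break or NUL: header injection
    }
    if (preg_match('/%0[ad]/i', $value)) {
        return false;           // encoded CR/LF that a later decode would unfold
    }
    return true;
}

/** The sender must be exactly one well-formed mailbox and nothing else. */
function isSafeFromAddress(string $from): bool
{
    return isSafeHeaderValue($from)
        && filter_var($from, FILTER_VALIDATE_EMAIL) !== false;
}

/**
 * Sends the event-form mail only when every user-controlled field passes.
 * $to is fixed by the script and never taken from the request.
 */
function sendEventForm(string $to, string $subject, string $from, string $body): bool
{
    if (!isSafeHeaderValue($subject) || !isSafeFromAddress($from)) {
        // Log and refuse: an injected header is an attack, not a typo.
        $ip = $_SERVER['REMOTE_ADDR'] ?? 'cli';
        error_log("mail header injection attempt rejected from $ip");
        return false;
    }
    $body = str_replace("\0", '', $body);  // body is not a header, but drop NULs
    return mail($to, $subject, $body, "From: $from\r\nReply-To: $from");
}

// Constructed inputs: the normal subject and a subject shaped like the
// "Bad Guy Input" above (addresses are placeholders).
var_dump(isSafeHeaderValue("Hi!"));
var_dump(isSafeHeaderValue("Hi!\r\nCc: victim1@example.com\r\nvictim2@example.com"));
var_dump(isSafeFromAddress("sender@example.com"));
var_dump(isSafeFromAddress("sender@example.com\r\nBcc: victim3@example.com"));
```

The same rejected-input event is worth counting in your logs: a burst of refusals from one address is the bot Pieter describes, and a good trigger for rate-limiting or blocking the form.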



