On 18 Jan 2008, at 16:01, Eric Butera wrote:
On Jan 18, 2008 10:55 AM, Javier Huerta <jhuerta@xxxxxxxxxxxxxxxx>
wrote:
Thanks for all of your suggestions which all point to using
Catpcha. I have
actually already implemented Capchta and they are still getting
around it.
Even if they are entering it manually rather than via a bot, is
there a way
to check if the email address is of a specific format and if so
then don't
process the form?
What does your form actually do? Does it email you, email them, stick
something in a DB? What?
Regardless, if they're entering a nonsense email address and are
managing to get your script to email other people then you're not
validating the inputs correctly. For example, are you checking that
the email address does not contain carriage returns or line feeds?
Same with the subject if your form includes that.
Anything that comes from the form and ends up in the email headers
needs to be checked in this way.
The answer to your question is "only if you can define the format
precisely enough".
-Stut
--
http://stut.net/
""Javier Huerta"" <jhuerta@xxxxxxxxxxxxxxxx> wrote in message
news:49.22.18592.36DB0974@xxxxxxxxxxxxxxx
I am wondering if there is a way to block out email addresses in
specific
format from a form? We ahve a form that people have to enter an
email
address, and the form has been getting used by bots to send spam
to a
listserv. The email address they enter is in this type of format
gfjhjfg@xxxxxxxxxxxx, and of course it is always just a bit
different every
time. Any help is greatly appreciated.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
If a human is involved you can't really do anything about it other
than slow them down. If they're doing this a lot you can implement
some backend server tracking. It is really hit and miss, but you can
try tracking by IP, but proxies make this fail. You can also make
sure that you require sessions. That might help a bit but a user can
always clear their cookies.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
