Forms getting spammed HELP

    I have a guestbook form that is getting spammed regularly (10 times a
day) by a bot of some kind. I'm in the process of picking up PRO PHP
Security from Apress (which I need anyway), but I was wondering if anyone has
a quick fix for this or can point me in the right direction. My client isn't

Re: Forms getting spammed HELP

There was a thread about it just one month ago in this newsgroup. Read

For an explanation of mail injection. Reading this, I suggest that your  
first "quick" step is to reject any user-supplied mail headers with a
newline character in them. It is best to do that both at the input and the
output side: It is an attack if someone slips a newline in a header (it
is too hard to do with an HTML text input to suggest it was a typo).
But the real error is not whether you accept invalid user data or not,
the real error is that you pass data to the mail function that can have  
side effects. So writing a wrapper function for the standard mail()  
function, but with extra parameter checks, should prevent a lot of problems.

Best regards

Mike wrote:
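One way to write the wrapper this reply suggests, as an added example that is not code from the thread: `safe_mail()` and `assert_header_safe()` are hypothetical names, and the addresses and form values are constructed samples.

```php
<?php
// Added example, not from the thread. Function names and sample
// values are hypothetical and constructed for illustration.

/** Throws if a value destined for a mail header contains CR, LF or NUL. */
function assert_header_safe(string $field, string $value): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException("Line break in $field rejected");
    }
    return $value;
}

/**
 * Wrapper for mail(): every value that ends up in a header is checked
 * right before it is used; only the body may span several lines.
 */
function safe_mail(string $to, string $fromEmail, string $subject, string $body): bool
{
    assert_header_safe('to', $to);
    assert_header_safe('subject', $subject);
    assert_header_safe('from', $fromEmail);

    // The visitor's address must also be a single valid mailbox.
    if (filter_var($fromEmail, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid sender address');
    }

    // Headers are built only from checked values.
    $headers = "Reply-To: $fromEmail\r\n"
             . "Content-Type: text/plain; charset=UTF-8";

    return mail($to, $subject, $body, $headers);
}

// Constructed form input: the e-mail field carries an extra header line.
$post = [
    'email'   => "visitor@example.com\r\nBcc: list@example.net",
    'subject' => 'Guestbook entry',
    'message' => 'Nice site!',
];

try {
    safe_mail('owner@example.org', $post['email'], $post['subject'], $post['message']);
} catch (InvalidArgumentException $e) {
    // Rejected before mail() is ever called; log it for later review.
    error_log('Guestbook mail rejected: ' . $e->getMessage());
}
```

The same `assert_header_safe()` check can be run when the form is first received, which gives the input-side rejection the reply also recommends.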

Re: Forms getting spammed HELP

Mike wrote:

I use Matt's Perl guestbook on one site.

I ended up "hacking" it to disallow certain phrases. My list of  
forbidden words is very short and includes certain pharmaceuticals and  
"Texas hold-em." I issue an apology to the guestbook user explaining the  
necessity to disallow posts with those words. No valid user has
triggered that filter yet.

The best thing I did, though (and probably all that's necessary) was to  
simply rename the guestbook script file (and the html files) to  
something nearly random (something besides guestbook). Since doing that  
the spammers have disappeared.

 Chuck Anderson • Boulder, CO
 Integrity is obvious.
 The lack of it is common.

Re: Forms getting spammed HELP

<Sat, 17 Dec 2005 16:14:54 GMT>


See if your client would like the above.

Minor hacking around skills needed to put it into your own guestbook.
