true, but those seem to require real works, mine is definitely not real words. That is why you need both images and to "scrub" the headers.
Re: contact.php hacking
-
Originally posted by Andy
I am aware of that. I have that same script on a few sites. I really like the script, but I will just get rid of it and find something else. I will remove the scripts from the sites tonight.
Dan Blomberg
-
catching the bad guys??
Originally posted by Pedja
You know, I am asking myself, will the day come when someone would say "Enough is enough!" and start taking spam as serious criminal activity and also pay attention to ISPs that allow their systems to be used to make attacks.
As long as abuse is not sanctioned properly we will all suffer. The solution is not to prevent them from doing it, but to punish them when they do it.
-
If anyone wants this flash email form and the corresponding php form, I'll make it available: http://www.ianlabs.com/contact/
Of course you'll have to edit it to suit your needs.
I'm no programmer, but the way I figure it, a spam bot surfing the page will not know what to do with the flash code.
-
Originally posted by cathode
If anyone wants this flash email form and the corresponding php form, I'll make it available: http://www.ianlabs.com/contact/
Of course you'll have to edit it to suit your needs.
I'm no programmer, but the way I figure it, a spam bot surfing the page will not know what to do with the flash code.
Dan Blomberg
-
I'm getting kind of confused, so before I continue trying to get all of this, I thought I'd ask two quick questions.
Do we still need to implement anti-spam images even with the mod_security thing being installed on all servers?
Do we have to run anything for the mod_security mail injection filters to start working, or are they automatically implemented?
Thanks,
Danny
-
mod_security works automatically for every page that is served via HTTP.
You still need to modify your scripts and secure them. Depending on mod_security to do this for you is entirely the wrong way to be going about this.
The reason I've always been hesitant in even running mod_security is because it is the wrong solution IMO. These problems need to be fixed entirely, not just denied access to by mod_security.
-
Download the flash feedback form source here:
If a PHP guy could be so kind as to modify the script below to include the IP address and any other details about the poster, I would consider it a nice fair trade.
Code:
<?php
// Handler for the Flash form: answers "output=sent" or "output=error".
if (!empty($_POST['sender_mail']) || !empty($_POST['sender_message']) ||
    !empty($_POST['sender_subject']) || !empty($_POST['sender_name'])) {
    $to = "you@email.com";
    // Remove CR/LF from values that go into mail headers so that a
    // submitted field cannot start a header line of its own.
    $crlf = array("\r", "\n");
    $name = str_replace($crlf, "", $_POST['sender_name'] ?? "");
    $mail = str_replace($crlf, "", $_POST['sender_mail'] ?? "");
    $subject = str_replace($crlf, "", stripslashes($_POST['sender_subject'] ?? ""));
    $body = stripslashes($_POST['sender_message'] ?? "");
    $body .= "\n\n---------------------------\n";
    $body .= "Mail sent by: " . $name . " <" . $mail . ">\n";
    $body .= "Website: " . ($_POST['sender_website'] ?? "") . "\nPhone:" . ($_POST['sender_phone'] ?? "") . "\n";
    $header = "From: " . $name . " <" . $mail . ">\n";
    $header .= "Reply-To: " . $name . " <" . $mail . ">\n";
    $header .= "X-Mailer: PHP/" . phpversion() . "\n";
    $header .= "X-Priority: 1";
    if (@mail($to, $subject, $body, $header)) {
        echo "output=sent";
    } else {
        echo "output=error";
    }
} else {
    echo "output=error";
}
?>
-
cathode,
this should work for ya:
Code:
<?php
// Handler for the Flash form: answers "output=sent" or "output=error".
if (!empty($_POST['sender_mail']) || !empty($_POST['sender_message']) ||
    !empty($_POST['sender_subject']) || !empty($_POST['sender_name'])) {
    $to = "you@email.com";
    // Remove CR/LF from values that go into mail headers so that a
    // submitted field cannot start a header line of its own.
    $crlf = array("\r", "\n");
    $name = str_replace($crlf, "", $_POST['sender_name'] ?? "");
    $mail = str_replace($crlf, "", $_POST['sender_mail'] ?? "");
    $subject = str_replace($crlf, "", stripslashes($_POST['sender_subject'] ?? ""));
    $body = stripslashes($_POST['sender_message'] ?? "");
    $body .= "\n\n---------------------------\n";
    $body .= "Mail sent by: " . $name . " <" . $mail . ">\n";
    $body .= "Website: " . ($_POST['sender_website'] ?? "") . "\nPhone:" . ($_POST['sender_phone'] ?? "") . "\n";
    // Address of the client that submitted the form, as seen by the web server.
    $body .= "IP Address: " . $_SERVER['REMOTE_ADDR'] . "\n";
    $header = "From: " . $name . " <" . $mail . ">\n";
    $header .= "Reply-To: " . $name . " <" . $mail . ">\n";
    $header .= "X-Mailer: PHP/" . phpversion() . "\n";
    $header .= "X-Priority: 1";
    if (@mail($to, $subject, $body, $header)) {
        echo "output=sent";
    } else {
        echo "output=error";
    }
} else {
    echo "output=error";
}
?>
Dan Blomberg
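An added example, not code from any poster in this thread: a check that a contact-form handler can run before calling mail(), refusing a submission whose header-bound fields carry a line break, an oversized value or an invalid address. The field names follow the handler posted above; the function name contact_form_problems, the 200-byte cap and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example. Field names follow the handler in this thread; the function
// name and the sample submissions below are constructed for illustration.

// Returns a list of reasons to refuse the submission (empty list = accept).
function contact_form_problems(array $post): array
{
    $problems = [];
    // These three values are copied into Subject, From and Reply-To.
    foreach (['sender_name', 'sender_mail', 'sender_subject'] as $field) {
        $value = (string) ($post[$field] ?? '');
        // CR or LF would end the header line and begin another one.
        if (preg_match('/[\r\n]/', $value)) {
            $problems[] = "$field contains a line break";
        }
        // Cap the length so a header field cannot carry a whole message.
        if (strlen($value) > 200) {
            $problems[] = "$field is longer than 200 bytes";
        }
    }
    // One syntactically valid address only; lists and display names fail here.
    if (filter_var($post['sender_mail'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $problems[] = 'sender_mail is not a valid address';
    }
    return $problems;
}

// Constructed submissions: one ordinary, two carrying an extra header line.
$samples = [
    'ordinary' => [
        'sender_name' => 'Jane Example', 'sender_mail' => 'jane@example.com',
        'sender_subject' => 'Question about hosting',
    ],
    'line break in address' => [
        'sender_name' => 'x', 'sender_mail' => "x@example.com\r\nX-Added: 1",
        'sender_subject' => 'hi',
    ],
    'line break in subject' => [
        'sender_name' => 'x', 'sender_mail' => 'x@example.com',
        'sender_subject' => "hi\nX-Added: 1",
    ],
];

foreach ($samples as $label => $post) {
    $problems = contact_form_problems($post);
    // A real handler would log the refusal with REMOTE_ADDR and skip mail().
    echo $label, ': ', $problems ? 'refused (' . implode('; ', $problems) . ')' : 'accepted', "\n";
}
```

Refusing the request outright, instead of stripping the characters and sending anyway, leaves a log entry for each attempt and keeps altered input out of the mailbox.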