Thread: Blocking PHP insertion into mail() routines




Blocking PHP insertion into mail() routines
user name
2006-04-28 01:33:03
Hi Bob,
I substitute a * for any invalid character:
$raw = preg_replace('/[^-_a-z0-9.]/', '*', $raw);
Trim, lowercase and max length done first.

Then when I check the email format, it throws it out.

But, if you're already doing this, they must be bypassing
your checking routine?
If you record them, it would be interesting to see what
they're putting in, so it can be stopped.
Bob E.


----- Original Message ----- 
From: "Bob Sawyer" <bobsawyerdotcomyahoo.com>
To: "PHP List" <php-list@yahoogroups.com>
Sent: Friday, April 28, 2006 1:44 AM
Subject: [php-list] Blocking PHP insertion into mail() routines


> Some spammer has figured out that a form on our site is ripe for
> inserting their own headers and what-not into, despite my best efforts
> to prevent that sort of thing. How can I shore up and secure the mail()
> routine in my script so that this kind of thing is stopped?
> 
> My script checks for \r and \n chars that might be inserted into the
> "To", "From", and other common header fields. If that char is found, it
> exits the script. It also checks the email address against a regex for
> unallowed characters and malformed addresses. Yet, the spam is still
> coming through.
> 
> Can anyone recommend a surefire way of blocking these insertions?
> 
> Thanks,
> Bob


Community email addresses:
  Post message: php-list@yahoogroups.com
  Subscribe:    php-list-subscribe@yahoogroups.com
  Unsubscribe:  php-list-unsubscribe@yahoogroups.com
  List owner:   php-list-owner@yahoogroups.com

Shortcut URL to this page:
  http://groups.yahoo.com/group/php-list
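
An added example, not code from either poster: one way to combine the checks discussed in the thread, rejecting control characters in every field that reaches a mail header, validating the address, and recording rejected input for later review. The field names, addresses and log path are assumptions, and it needs PHP 7.1 or later.

```php
<?php
// Added example. Field names, addresses and the log path are assumptions.

// True if the value holds CR, LF, NUL or any other ASCII control character.
function has_control_chars(string $value): bool
{
    return preg_match('/[\x00-\x1F\x7F]/', $value) === 1;
}

// Append one reject line; control characters are escaped to keep it on one line.
function log_reject(string $logFile, string $field, string $value): void
{
    $line = date('c') . " rejected $field: " . addcslashes($value, "\0..\37\177");
    error_log($line . "\n", 3, $logFile);
}

// Check every form field that is placed in a mail header.
// Returns the cleaned values, or null once a field has been rejected.
function check_header_fields(array $post, string $logFile): ?array
{
    $clean = [];
    foreach (['name', 'email', 'subject'] as $field) {   // hypothetical fields
        $raw = $post[$field] ?? '';
        $value = is_string($raw) ? trim($raw) : '';
        if ($value === '' || strlen($value) > 200 || has_control_chars($value)) {
            log_reject($logFile, $field, is_string($raw) ? $raw : gettype($raw));
            return null;
        }
        $clean[$field] = $value;
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        log_reject($logFile, 'email', $clean['email']);
        return null;
    }
    return $clean;
}

// Recipient and sender are fixed strings; form input reaches only Reply-To,
// the subject and the body, after the checks above.
function send_form_mail(array $clean, string $body): bool
{
    $headers = "From: webform@example.com\r\nReply-To: {$clean['email']}";
    return mail('webmaster@example.com', $clean['subject'], $body, $headers);
}

// Constructed input: the subject carries a line break and an extra header.
$post = ['name' => 'Test', 'email' => 'visitor@example.com',
         'subject' => "Hello\r\nX-Injected: 1"];
var_dump(check_header_fields($post, sys_get_temp_dir() . '/mailform-rejects.log'));
```

The reject log shows the escaped form of whatever was submitted, which makes it possible to see which field a submission used.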