On Nov 21, 2006, at 1:52 PM, Mark Wheeler wrote:
> Hi All,
>
> I've had a couple of spam emails come through one of our web email
> responses. There is a form on our web site that allows people to
> send us feedback. I am getting some spam through that form. It is
> a PHP script which checks for php injection but what I want to
> know is two things.
>
> 1. How do I know if my php injection filter is working and the
> spam is only being sent to me (web master)?

How are you logging your PHP transactions? (in other words, you
could tell PHP to log the headers of any outgoing email).
Alternately, do you have access to the mail server logs?

> 2. If the spam is only being sent through the form, and they are
> spamming only one email at a time and it's only coming to me, how
> can I stop that? I can't imagine they are sitting at their
> computer and typing/pasting the spam into the textarea, coming up
> with a fake email address, and clicking the send button. It's got
> to be an automated thing. So is there a way to test to make sure
> that the email address is good or that the form is actually being
> typed by hand by a person?
>
> These are just some thoughts. Any help would be appreciated.

You can do it meticulously in your PHP code or there's this...
http://www.captcha.net/
However, keep in mind that you need to work accessibility into your
site. So, you'll need to allow for alternative methods of human
authentication. There are CAPTCHA methods designed for the
impaired. This will give you an overview of the problem...
http://www.w3.org/TR/turingtest/
Jaime Magiera
Sensory Research Network
http://www.sensoryresearch.net
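
The header logging suggested in the reply, as an added example that is not code from the thread or from the original poster's script: a feedback handler that records the exact headers of every outgoing message, so the log shows whether anything other than the fixed webmaster recipient is ever addressed. It assumes the "php injection" being filtered is CR/LF injection into mail headers; the form field names, `send_feedback`, the log path and the recipient address are hypothetical placeholders.

```php
<?php
declare(strict_types=1);
// Added example; every name, path and address below is a placeholder.
const WEBMASTER    = 'webmaster@example.org';
const FEEDBACK_LOG = '/var/log/feedback-mail.log';   // must be writable by PHP

// A value placed in a mail header must not contain CR, LF or NUL:
// a line break is what lets a form field add headers such as Bcc:.
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

// Append one log line; control characters are escaped so a rejected
// value stays visible and cannot forge extra log entries.
function log_line(string $status, string $detail): void
{
    $entry = sprintf("%s %s %s %s\n", date('c'),
        $_SERVER['REMOTE_ADDR'] ?? '-', $status,
        addcslashes($detail, "\0..\37"));
    error_log($entry, 3, FEEDBACK_LOG);   // type 3 = append to file
}

function send_feedback(string $from, string $subject, string $body): bool
{
    if (!is_header_safe($from) || !is_header_safe($subject)
        || filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        log_line('REJECTED', "from=$from subject=$subject");
        return false;
    }
    // The recipient is fixed in code; form input reaches only
    // Reply-To and Subject, both already checked above.
    $headers = 'From: ' . WEBMASTER . "\r\n" . 'Reply-To: ' . $from;
    log_line('SENDING', 'To: ' . WEBMASTER . ' | Subject: ' . $subject
        . ' | ' . $headers);
    return mail(WEBMASTER, $subject, $body, $headers);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Non-string input (e.g. email[]=x) is treated as empty and rejected.
    $field = fn(string $k): string =>
        is_string($_POST[$k] ?? null) ? $_POST[$k] : '';
    $ok = send_feedback($field('email'), $field('subject'), $field('message'));
    http_response_code($ok ? 200 : 400);
}
```

Every `SENDING` line should list only the webmaster address; `REJECTED` lines show what the filter stopped, and both can be compared against the mail server logs.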