I've had a couple of spam emails com through one of our web email
responses. There is a form on our web site that allows people to
send us feedback. I am getting some spam through that form. It is a
PHP script which checks for php injection but what I want to know
is two things.
1. How do I know if my php injection filter is working and the spam
is only being sent to me (web master)?
2. If the spam is only being sent through the form, and they are
spamming only one email at a time and it's only coming to me, how
can I stop that?
How could you possibly know it's only coming to you if you haven't
checked your mail logs yet? Unless you're checking my email, how do
you know it's not coming to me? (And if you are checking my email,
stop it.)
I'd put my money on the spam being sent via Bcc: headers injected
into a From: field you're adding straight from user input, something
like this:
If that $uncleaned_user_submitted_from_address is something like
"email@hidden\r\nBcc: email@hidden", you're sending
spam to the world, and you can (and should) stop by hand-coding the
from address and putting any reply-to address in the body.
Peace,
Scott
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Web-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/web-dev/email@hidden
