Recently some email spammers figured that my contact forms aren’t that safe and started relaying their spam through my machine. I spotted the abuse late on a Saturday, as my inbox got flooded with cc’d emails and bounce messages. I forwarded such an email to my hosting service and whilst I cleaned up my inbox they stopped the spammer. Awesome service, thank you National Net!
NationalNet support patched my PHP scripts:
if (ereg('^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)+$', $email_from))
mail($email_to, $email_subject, $email_message, $email_headers…
and they sent me an email explaining what they did to stop the spammer within 15 minutes or so.
GrayWolf posts a similar case and recommends this helpful page with PHP code to stop header injection; there is more useful stuff in the manual’s comment section, and a great thread at WMW. I found that a combination of the NatNet patch and the tips provided there, plus a few custom add-ons like database lookups, should secure my email forms in the future. Next step is sending automated complaints to the spammers’ ISP.
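A sketch of how the address check and a header-injection check can be combined in a contact form, as an added example that is not the NationalNet patch or code from the linked pages. The function names and the fixed recipient are assumptions, and it uses `filter_var()` and `preg_match()` because `ereg()` was removed in PHP 7.

```php
<?php
// Added example: refuse any form value that could start a new mail header.
// Function names and the recipient address are hypothetical.

/** True if the value contains CR, LF or NUL, the characters that end a header line. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/** Return the address if it is one syntactically valid mailbox, otherwise null. */
function clean_from_address(string $email): ?string
{
    $email = trim($email);
    if ($email === '' || has_header_break($email)) {
        return null;
    }
    // FILTER_VALIDATE_EMAIL rejects whitespace, commas and address lists.
    return filter_var($email, FILTER_VALIDATE_EMAIL) === false ? null : $email;
}

/** Send a contact-form message; returns false without sending on suspicious input. */
function send_contact_mail(string $from, string $subject, string $message): bool
{
    $to = 'webmaster@example.com';   // fixed recipient, never taken from the form
    $from = clean_from_address($from);
    if ($from === null || has_header_break($subject)) {
        return false;                // drop the request instead of relaying it
    }
    // Headers are built only from the validated address.
    $headers = "From: $from\r\nReply-To: $from";
    return mail($to, $subject, wordwrap($message, 70, "\r\n"), $headers);
}

// Constructed sample inputs: the second carries an extra Bcc header line.
$samples = [
    "visitor@example.org",
    "visitor@example.org\r\nBcc: list@example.net",
];
foreach ($samples as $sample) {
    $verdict = clean_from_address($sample) === null ? 'rejected' : 'accepted';
    echo json_encode($sample), ' => ', $verdict, "\n";
}
```

Run from the command line, the loop prints `accepted` for the first sample and `rejected` for the second without sending any mail.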