I am in the process of writing an app for one of my sites that will
allow guests to send e-cards to other folks. The process is fairly
simple. First the sender selects a card graphic via a series of radio
buttons. Then he enters his and the recipient's name and email address.
Next he enters a message to the sender and clicks a button to send the
card. What I need help with is code to test the input in all appropriate
fields to ensure that no oen uses the script for black hat purposes. In
addition to anything else that may be an issue I'd like to address the
following.
1) Ensure that the email addresses values entered (recipient and sender)
are both validly formatted (e.g. fo*@bar.com) and contain one and only
one address each.
2) The message contains text only. No attachments allowed.
I'm basically looking for ways to block the black hats from using this
for spam or spreading any malware. Direct assistance with this or being
pointed to a reference that addresses the subject would be appreciated
Thanks
DB 4 1363
Ima Lozer wrote:
I am in the process of writing an app for one of my sites that will
allow guests to send e-cards to other folks. The process is fairly
simple. First the sender selects a card graphic via a series of radio
buttons. Then he enters his and the recipient's name and email address.
Next he enters a message to the sender and clicks a button to send the
card. What I need help with is code to test the input in all appropriate
fields to ensure that no oen uses the script for black hat purposes. In
addition to anything else that may be an issue I'd like to address the
following.
1) Ensure that the email addresses values entered (recipient and sender)
are both validly formatted (e.g. fo*@bar.com) and contain one and only
one address each.
2) The message contains text only. No attachments allowed.
I'm basically looking for ways to block the black hats from using this
for spam or spreading any malware. Direct assistance with this or being
pointed to a reference that addresses the subject would be appreciated
Thanks
DB
I find that phpmailer can be easily modified to do the actual sending -
you may need to configure SSL/TSL authenticated SMTP to your ISP
outbound servers (unless you have full control over your ReverseDNS and
your own SMTP server - in other words - if you do not fully own and
control the IP address(es). If you do use DynamicDNS you will be
blacklisted anyway. It seems to me to unfair, but fighting that is a
losing proposition.
You will want to take a look at some sort of Captcha to ensure only
humans are interacting with your site. (ie. "enter at this funky-looking
picture of this word and type in the word here...")
In article <xY************ *****@nlpi069.n bdc.sbc.com>, ma*****@firstdb asource.com says...
Ima Lozer wrote:
I am in the process of writing an app for one of my sites that will
allow guests to send e-cards to other folks. The process is fairly
simple. First the sender selects a card graphic via a series of radio
buttons. Then he enters his and the recipient's name and email address.
Next he enters a message to the sender and clicks a button to send the
card. What I need help with is code to test the input in all appropriate
fields to ensure that no oen uses the script for black hat purposes. In
addition to anything else that may be an issue I'd like to address the
following.
1) Ensure that the email addresses values entered (recipient and sender)
are both validly formatted (e.g. fo*@bar.com) and contain one and only
one address each.
2) The message contains text only. No attachments allowed.
I'm basically looking for ways to block the black hats from using this
for spam or spreading any malware. Direct assistance with this or being
pointed to a reference that addresses the subject would be appreciated
Thanks
DB
I find that phpmailer can be easily modified to do the actual sending -
you may need to configure SSL/TSL authenticated SMTP to your ISP
outbound servers (unless you have full control over your ReverseDNS and
your own SMTP server - in other words - if you do not fully own and
control the IP address(es). If you do use DynamicDNS you will be
blacklisted anyway. It seems to me to unfair, but fighting that is a
losing proposition.
You will want to take a look at some sort of Captcha to ensure only
humans are interacting with your site. (ie. "enter at this funky-looking
picture of this word and type in the word here...")
Thanks. I alrady have the script 100% functional. That is not the
issue. What I want to do is tighten it up for security. I need to test
the TO and FROM email addresses to ensure that the entry is a singular
validly formatted email address, and I wand to make sure that no black
hat uses the MESSAGE field to upliad anything that can harm the
recipient's system or my server. I'll look at phpmailer to see if it
has this type of code in it.
Ima Lozer wrote:
In article <xY************ *****@nlpi069.n bdc.sbc.com>, ma*****@firstdb asource.com says...
>Ima Lozer wrote:
>>I am in the process of writing an app for one of my sites that will allow guests to send e-cards to other folks. The process is fairly simple. First the sender selects a card graphic via a series of radio buttons. Then he enters his and the recipient's name and email address. Next he enters a message to the sender and clicks a button to send the card. What I need help with is code to test the input in all appropriate fields to ensure that no oen uses the script for black hat purposes. In addition to anything else that may be an issue I'd like to address the following.
1) Ensure that the email addresses values entered (recipient and sender) are both validly formatted (e.g. fo*@bar.com) and contain one and only one address each.
2) The message contains text only. No attachments allowed.
I'm basically looking for ways to block the black hats from using this for spam or spreading any malware. Direct assistance with this or being pointed to a reference that addresses the subject would be appreciated
Thanks DB
I find that phpmailer can be easily modified to do the actual sending - you may need to configure SSL/TSL authenticated SMTP to your ISP outbound servers (unless you have full control over your ReverseDNS and your own SMTP server - in other words - if you do not fully own and control the IP address(es). If you do use DynamicDNS you will be blacklisted anyway. It seems to me to unfair, but fighting that is a losing proposition.
You will want to take a look at some sort of Captcha to ensure only humans are interacting with your site. (ie. "enter at this funky-looking picture of this word and type in the word here...")
Thanks. I alrady have the script 100% functional. That is not the
issue. What I want to do is tighten it up for security. I need to test
the TO and FROM email addresses to ensure that the entry is a singular
validly formatted email address, and I wand to make sure that no black
hat uses the MESSAGE field to upliad anything that can harm the
recipient's system or my server. I'll look at phpmailer to see if it
has this type of code in it.
The simplest way is to check for nl and cr characters ("\n" and "\r") in
the from, and subject fields. If there are any, send it back.
It works because each entry (i.e. To:, CC:, BCC:, etc.) needs to be on a
separate line.
Not perfectly foolproof, but it catches virtually all of the spammers.
It only leaves the to: field - which you should control in your script,
not from the form (i.e. use an id in the form and pull the actual email
address from a file/database/array/whatever).
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp. js*******@attgl obal.net
=============== ===
On Jul 21, 1:38 am, Jerry Stuckle <jstuck...@attg lobal.netwrote:
Ima Lozer wrote:
In article <xYNgk.16869$89 .9...@nlpi069.n bdc.sbc.com>,
maus...@firstdb asource.com says...
Ima Lozer wrote: I am in the process of writing an app for one of my sites that will allow guests to send e-cards to other folks. The process is fairly simple. First the sender selects a card graphic via a series of radio buttons. Then he enters his and the recipient's name and email address. Next he enters a message to the sender and clicks a button to send the card. What I need help with is code to test the input in all appropriate fields to ensure that no oen uses the script for black hat purposes. In addition to anything else that may be an issue I'd like to address the following.
>1) Ensure that the email addresses values entered (recipient and sender) are both validly formatted (e.g. f...@bar.com) and contain one and only one address each.
>2) The message contains text only. No attachments allowed.
>I'm basically looking for ways to block the black hats from using this for spam or spreading any malware. Direct assistance with this or being pointed to a reference that addresses the subject would be appreciated
>Thanks DB
I find that phpmailer can be easily modified to do the actual sending -
you may need to configure SSL/TSL authenticated SMTP to your ISP
outbound servers (unless you have full control over your ReverseDNS and
your own SMTP server - in other words - if you do not fully own and
control the IP address(es). If you do use DynamicDNS you will be
blacklisted anyway. It seems to me to unfair, but fighting that is a
losing proposition.
You will want to take a look at some sort of Captcha to ensure only
humans are interacting with your site. (ie. "enter at this funky-looking
picture of this word and type in the word here...")
Thanks. I alrady have the script 100% functional. That is not the
issue. What I want to do is tighten it up for security. I need to test
the TO and FROM email addresses to ensure that the entry is a singular
validly formatted email address, and I wand to make sure that no black
hat uses the MESSAGE field to upliad anything that can harm the
recipient's system or my server. I'll look at phpmailer to see if it
has this type of code in it.
The simplest way is to check for nl and cr characters ("\n" and "\r") in
the from, and subject fields. If there are any, send it back.
It works because each entry (i.e. To:, CC:, BCC:, etc.) needs to be on a
separate line.
Not perfectly foolproof, but it catches virtually all of the spammers.
It only leaves the to: field - which you should control in your script,
not from the form (i.e. use an id in the form and pull the actual email
address from a file/database/array/whatever).
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@attgl obal.net
=============== ===
You really, really must check that the requester's address is valid
and receiving mail - when a user requests requests a message to be
sent put it in a holding a queue then send back a message to the
requester with a URL which will release the ecard.
I don't even want to conjecture about how this could be abused
otherwise.
It won't stop people using throwaway addresses, but at least this
covers your responsibilitie s regarding due diligence.
C. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Fox |
last post by:
I merged and modified these script which work perfectly fine
as long as I use server.execute to access the VBS
part (which is itself in another ASP file). When these
I use a session variable to pass an email address from
the database. I have had timeout problems
and buffer problems and as I understand it, maybe
a problem with changing the session variable too many
times in one session. So I tried putting the two scripts
on one page. When...
|
by: Olly |
last post by:
I've found a basic script, however I also need to add alt and title
attributes as well, how would I go about doing this?
Here's the script I found:
Thanks
<script language="JavaScript">
<!--
/*
|
by: Richard Trahan |
last post by:
I want a js function to call a Perl script residing on a server.
The Perl script will return a string, to be used by the js.
Pseudo code:
<script>
stringvar = perlfunc_on_server(stringarg)
document.write(stringvar)
</script>
Can stringvar above be a url?
|
by: Pimpalicious Nerd |
last post by:
'Ello mates. I'm currently learning PHP from a book that I got at a
Barnes and Noble (the one near times square in new york; one of my
friends got kicked out for somehow managing to move ALL the bibles to
the fiction section...lol...but that's another story). Its a good
book, very easy to learn with, but the only trouble has been my
attention span and neverending lust for video games.
XD
Anyways, I was browsing through some forums...
|
by: ZMan |
last post by:
Scenario:
This is about debugging server side scripts that make calls to
middle-tier business DLLs. The server side scripts are legacy ASP 3.0
pages, and the DLLs are managed DLLs converted/developed with VB.NET.
What I want from debugging is to be able to step into the methods in
the DLLs called from ASP scripts using Visual Studio .NET.
Background:
For typical script debugging issues, you can read and follow the two
documents on...
| |
by: Steve Powell |
last post by:
Hi,
Can anyone help me with this one?
How can I remove script registered by RegisterClientScriptBlock ?
If I add another script with the same name, is the first one overwritten or
it's just skipped?
--
Steve Powell
|
by: rsteph |
last post by:
I have a script that shows the time and date. It's been working on my site for quite a while now. Suddenly it stops showing up, after getting my drop down menu to work.
If I put text between the <div id="datetime"></div> tags, the text shows up, but the javascript output being sent to those some divs doesn't seem to want to work. It should be showing up in the middle of the content pane, just below the first table box. (set by .css)
Here's...
|
by: Oliver Marshall |
last post by:
Hi,
Im after a simple script to help sort my downloads.
Basically I have a downloads folder, and at the moment I have directory
browsing enabled so that i can download files.
What I want is to have a php script (index.php) that will parse the
files that it finds in downloads and create a nice page (using my
template and css). If it finds a directory in /downloads, then it
|
by: KevinADC |
last post by:
Note: You may skip to the end of the article if all you want is the perl code.
Introduction
Many websites have a form or a link you can use to download a file. You click a form button or click on a link and after a moment or two a file download dialog box pops-up in your web browser and prompts you for some instructions, such as “open” or “save“. I’m going to show you how to do that using a perl script.
What You Need
Any recent...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |