php form problem

Hello,

I hope someone can help.

I use a php form to process contact forms on my web sites. Recently I have
been receiving lots of strange data coming through the contact forms like
this :

NB. mysite = the actual site that the contact form is on.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
From: qs********@mysiteco.uk add to address book
Return-Path: my**********@hosts.co.uk add to blacklist add to whitelist
Delivery-Date: Thursday, September 8, 2005 2:57 AM
To: ma**@mysite.co.uk
Subject: Information request

show headers | download source | printable view | back to folder | next
message Spam score: 0
Name : qs********@mysite.co.uk

Phone : qs********@mysiteco.uk

Email : qs********@mysiteco.uk
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
It spoofs the address of the site that the contact form is on. This has
happened across every site that the form is on so I am guessing there is a
vulnerability in the script below. Can anyone help please?
php Contact script used >>>>>>>>>>>>>>>>>>>>>>>>>>>>
<?php
// Read the submitted form fields (used as-is, without validation)
$name=$_POST['name'];
$phone=$_POST['phone'];
$email=$_POST['email'];
$query=$_POST['query'];
$to="en*******@mysite.co.uk";
// The submitted email value becomes the From header
$from="$email";
$message="Customer Name : $name\n\n
Phone : $phone\n\n
Email Address : $email\n\n
Query : $query\n";
if (mail($to, "Customer Information", "$message\n", "From: $from")) {
    $URL="http://www.mysite..co.uk/thankyou.php";
    header("Location: $URL");
} else {
    echo "There was a problem sending the mail. Please check that you filled in the form correctly.";
}
?>

>>>>>>>>>>>>>>>>>>>>>>>>


Any help would be greatly appreciated. I am no php expert, I simply
adjusted a form I found on a php tutorial site.

Thank you in advance,

Neil


Sep 8 '05 #1
Sorry didn't mean to attach the smilie!

--
Regards,

Neil McDermott
01604 622345
07841 865970
http://www.easiserv.com

Sep 8 '05 #2
In article <df*********@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com>,
"Neil McDermott" <ne************@easiserv.com> wrote:
> Hello,
>
> I hope someone can help.
>
> <snip>
>
> Any help would be greatly appreciated. I am no php expert, I simply
> adjusted a form I found on a php tutorial site.
>
> Thank you in advance,

It looks to me that someone just enters "qs********@mysite.co.uk" in all the
form fields.

--
Sandman[.net]
Sep 8 '05 #3
Sandman wrote:
> In article <df*********@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com>,
> "Neil McDermott" <ne************@easiserv.com> wrote:
> > Hello,
> >
> > I hope someone can help.
> >
> > <snip>
> >
> > Any help would be greatly appreciated. I am no php expert, I simply
> > adjusted a form I found on a php tutorial site.
> >
> > Thank you in advance,
>
> It looks to me that someone just enters "qs********@mysite.co.uk" in all the
> form fields.

This has been discussed on many forums lately.

Take a look at
<http://www.phpfreaks.com/forums/index.php?showtopic=66987&st=0&p=272101&#entry272101>

It shows some code that should keep these folks at bay.

Ken

Sep 8 '05 #4
Hi guys,

As Ken says this thread is really useful and helped me a great deal. Thanks
Ken!!!

Neil

"Ken Robinson" <ke******@gmail.com> wrote in message
news:11********************@g44g2000cwa.googlegroups.com...
> Sandman wrote:
> > In article <df*********@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com>,
> > "Neil McDermott" <ne************@easiserv.com> wrote:
> > > Hello,
> > >
> > > I hope someone can help.
> > >
> > > <snip>
> > >
> > > Any help would be greatly appreciated. I am no php expert, I simply
> > > adjusted a form I found on a php tutorial site.
> > >
> > > Thank you in advance,
> >
> > It looks to me that someone just enters "qs********@mysite.co.uk" in all
> > the form fields.
>
> This has been discussed on many forums lately.
>
> Take a look at
> <http://www.phpfreaks.com/forums/index.php?showtopic=66987&st=0&p=272101&#entry272101>
>
> It shows some code that should keep these folks at bay.
>
> Ken

Sep 14 '05 #5

Neil McDermott wrote:
> Hi guys,
>
> As Ken says this thread is really useful and helped me a great deal. Thanks
> Ken!!!


Here's the code I'm now using to try to thwart the spammers.

<?php
// Loop through all POSTed content looking for the string 'Content-Type:'
foreach ($_POST as $k => $v) {
    if (strpos($v, 'Content-Type:') !== false) {
        //
        // Mail tracking code removed (I email a tracking email with
        // information back to myself)
        //
        header("HTTP/1.0 404 Not Found"); // issue a 404 - page not found.
        // Maybe this will stop the spambots from retrying my form every few hours
        exit; // header() alone does not stop the script, so end the request here
    }
}

// Check that the value passed by the Submit button hasn't been compromised
if (isset($_POST['submit']) && ($_POST['submit'] != 'Send Request')) {
    //
    // Mail tracking code removed (I email a tracking email with
    // information back to myself)
    //
    header("HTTP/1.0 404 Not Found"); // issue a 404 - page not found.
    // Maybe this will stop the spambots from retrying my form every few hours
    exit; // stop before any mail is sent
}
?>

Ken

Sep 14 '05 #6
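
A hardened variant of the contact script from the first post, as an added example that is not code from any poster in the thread: it rejects line breaks in single-line fields, validates the address, and keeps the visitor's address out of the From header. The function names `has_header_break` and `build_contact_mail` and the `example.org`/`example.com` addresses are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Function names and addresses are placeholders.

/** True if $value holds CR, LF or NUL, any of which could start a new header line. */
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/** Validate the posted fields; return mail() arguments, or null to reject. */
function build_contact_mail(array $post): ?array
{
    $fields = [];
    foreach (['name', 'phone', 'email', 'query'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return null; // missing field, or an array sent in place of a string
        }
        $fields[$key] = trim($post[$key]);
    }
    // Single-line fields must never contain a line break.
    foreach (['name', 'phone', 'email'] as $key) {
        if (has_header_break($fields[$key])) {
            return null;
        }
    }
    $email = filter_var($fields['email'], FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    $body = "Customer Name : {$fields['name']}\n\n"
          . "Phone : {$fields['phone']}\n\n"
          . "Email Address : {$email}\n\n"
          . "Query : {$fields['query']}\n";
    // Fixed From; the visitor's address appears only in Reply-To, after validation.
    $headers = "From: webform@example.org\r\nReply-To: {$email}";
    return ['subject' => 'Customer Information', 'body' => $body, 'headers' => $headers];
}

// Constructed sample submissions: one ordinary, one carrying an extra header line.
$ok  = ['name' => 'A. Customer', 'phone' => '01234 567890',
        'email' => 'customer@example.com', 'query' => 'Please call me.'];
$bad = $ok;
$bad['email'] = "customer@example.com\r\nContent-Type: text/plain";

var_dump(build_contact_mail($ok) !== null);
var_dump(build_contact_mail($bad) === null);
```

Pass the returned subject, body and headers to `mail()` with the fixed recipient address; when the function returns null, send nothing.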
