
How to Hack form 2 mail scripts

Hi,

Because I am fed up with attacks on my form mail scripts I want to find a
way to hack them myself and test it while I am developing it....

Does anyone know a good resource to learn how to hack my own forms? Or
anything relative to security precautions

Cheers
Nov 22 '05 #1
4 Replies


Angelos wrote:
Hi,

Because I am fed up with attacks on my form mail scripts I want to find a
way to hack them myself and test it while I am developing it....

Does anyone know a good resource to learn how to hack my own forms? Or
anything relative to security precautions

Cheers


Hi Angelos,

That sucks. :-(
But it is hard to answer what to do if you don't give more details.

Where does the script send to?
I mean, do you set the 'to' field in your script and is the spammer somehow
adding new email addresses to that?

What is probably the best way to start defending yourself is:
- log all actions on that script, and analyse them afterwards.
This can be done very easily by storing the complete POST part of the
requests in a file or database. (If you use POST; otherwise take $_GET, of
course.)
Just serialize the whole $_POST, and write a script to display the content
of them, using unserialize and maybe just print_r().

Just study them afterwards, and I expect you will see what trick they use.
Then you know where to start.

Also: Store the IP address of each request.

Knowledge is power.

just my 2 cents.

Good luck

Regards,
Erwin Moller
Nov 22 '05 #2

"Angelos" wrote:
Hi,

Because I am fed up with attacks on my form mail scripts I want to find a
way to hack them myself and test it while I am developing it....

Does anyone know a good resource to learn how to hack my own forms? Or
anything relative to security precautions


Here's a good article on the subject:
http://securephp.damonkohler.com/ind...mail_Injection

--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/

Nov 22 '05 #3

Thanks for that,

at the moment I am trying this solution

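<?php
// Take the sender field, treating a missing field as an empty string.
$from = isset($_POST["sender"]) ? $_POST["sender"] : "";
// Refuse arrays (sender[]=...) and any value containing CR or LF.
// preg_match() replaces eregi(), which was removed in PHP 7.
if (!is_string($from) || preg_match('/[\r\n]/', $from)) {
    die("Why ?? :(");
}
?>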

And if that spam continues... I'll have to find something else....

What do "they" have to earn by sending all this SPAM ???
Is there any money involved... I don't think so...

Anyway thanks for your replies !!!
Nov 22 '05 #4
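
An added example, not part of any post in this thread: it combines the logging advice from reply #2 with the CR/LF check from reply #4, applied to every field that ends up in a mail header. The "subject" and "message" field names, the log path and the sample submissions are assumptions, and JSON is used here in place of serialize() so that each request stays on one log line.

```php
<?php
// Added example. Only the "sender" field name comes from the thread;
// the other names, the log path and the sample data are assumptions.

const LOG_FILE = '/tmp/formmail_audit.log';   // hypothetical path

// Return the names of header-bound fields that are not plain strings
// (e.g. sender[]=...) or that contain CR or LF.
function fields_with_line_breaks(array $post, array $headerFields): array
{
    $bad = [];
    foreach ($headerFields as $name) {
        $value = $post[$name] ?? '';
        if (!is_string($value) || preg_match('/[\r\n]/', $value)) {
            $bad[] = $name;
        }
    }
    return $bad;
}

// Append one JSON line per request: time, client IP, verdict, raw fields.
// json_encode() escapes CR/LF, so a hostile value cannot split a log entry.
function log_submission(array $post, string $ip, array $bad): void
{
    $entry = ['time' => gmdate('c'), 'ip' => $ip, 'rejected' => $bad, 'post' => $post];
    $line  = json_encode($entry, JSON_INVALID_UTF8_SUBSTITUTE);
    file_put_contents(LOG_FILE, $line . "\n", FILE_APPEND | LOCK_EX);
}

// Constructed sample submissions; a live script would pass $_POST and
// $_SERVER['REMOTE_ADDR'] instead.
$samples = [
    ['ip' => '192.0.2.10',
     'post' => ['sender' => 'alice@example.org', 'subject' => 'Hello',
                'message' => "Line 1\nLine 2"]],   // newlines in the body are fine
    ['ip' => '192.0.2.77',
     'post' => ['sender' => "bob@example.org\r\nX-Test: injected",
                'subject' => 'Hi', 'message' => 'x']],
];

foreach ($samples as $s) {
    $bad = fields_with_line_breaks($s['post'], ['sender', 'subject']);
    log_submission($s['post'], $s['ip'], $bad);    // log first, then decide
    echo $s['ip'], ': ', $bad ? 'rejected (' . implode(', ', $bad) . ')' : 'accepted', "\n";
}
```

Logging before the accept/reject decision keeps the rejected requests on record, which is the material reply #2 suggests studying.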

On 17.11.2005 12:40, Angelos wrote:
Thanks for that,

at the moment I am trying this solution

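<?php
// Take the sender field, treating a missing field as an empty string.
$from = isset($_POST["sender"]) ? $_POST["sender"] : "";
// Refuse arrays (sender[]=...) and any value containing CR or LF.
// preg_match() replaces eregi(), which was removed in PHP 7.
if (!is_string($from) || preg_match('/[\r\n]/', $from)) {
    die("Why ?? :(");
}
?>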

And if that spam continues... I'll have to find something else....

What do "they" have to earn by sending all this SPAM ???
Is there any money involved... I don't think so...

Anyway thanks for your replies !!!


The best way to stop automated abuse is using PHP-generated images,
similar to those Yahoo uses to prevent automated sign-ups. Users then must
write down the control number/string for each submit, and you compare whether
the submitted control number corresponds to the one you have generated
before processing user input. PHP has functions to work with images, like
imagettftext etc. Good luck.

Y.
Nov 22 '05 #5
