[nycphp-talk] Preventing spam with php mail function

csnyder chsnyder at
Thu Feb 23 18:35:04 EST 2006

On 2/23/06, Aaron Greenspan <aarong at> wrote:
> Hi everyone,
> I'm more interested in finding out what is causing the widespread
> exploitation of forms. I've written a paper on it (which references the
> NYPHP article), though I have admittedly little information. If anyone
> has anything to contribute, please let me know. I've logged about 80
> attempts at exploiting a form on my server today, and they're
> increasingly from the United States.
> Aaron

Eh, viruses happen. Malware happens. Heck, you could use a cross-site
scripting attack to perform this kind of spamming using Ajax requests.

It doesn't really matter what's causing the attacks, because there
will always be something ready to step up and exploit the scripts
until they get fixed. There are plenty of people out there running old
perl scripts that turn their web servers into open mail relays, at
least most of the PHP contact form handlers I've seen haven't been
quite that naiive.

Chris Snyder

More information about the talk mailing list