[nycphp-talk] form spoofing
Rolan Yang
rolan at omnistep.com
Tue May 1 11:42:07 EDT 2007
Michael Southwell wrote:
> I thought I was following best practices (
> http://www.nyphp.org/phundamentals/spoofed_submission.php ) in
> creating a comment form for a restaurant client (There is no security
> issue here; the comments are emailed):
>
snip
> But this hasn't helped much; I still get a few of them, though I can't
> figure out how they can be generated. Any advice?
They are probably spam robots crawling the web, not spoofers. I manage a
fairly large restaurant reservation site and we receive a lot of
feedback spam from the web forms daily. I put a regex expression check
for "http://" more than once in the content. If it exists, then I tag
the subject of the email with "SPAM". My client still receives the
feedback email, but at least they can sort most of the spam from the
nonspam in their mail client.
~Rolan
More information about the talk
mailing list