NYCPHP Meetup

NYPHP.org

[nycphp-talk] PHP script needs some filter help

Christina Karlhoff christinak at wll.com
Mon Sep 17 09:35:11 EDT 2007 

Hi Gary,

Thanks, I appreciate your insight. 

At the moment, I'm afraid that I am not privvy to the correct
implementation of php code to track a user's submission... 

I am going to look into php classes, and at the very least get somebody
to design a custom php component for the company to use.


-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
On Behalf Of Gary Mort
Sent: Sunday, September 16, 2007 2:16 PM
To: NYPHP Talk
Subject: Re: [nycphp-talk] PHP script needs some filter help

Christina Karlhoff wrote:
>
> The situation:  Our company's website host server only processes 
> scripts in php, python, cld fusion [not in asp - go figure].  Our 
> website has three seperate user information request forms on it; all 
> were posted using a php mail script.  One day, all of a sudden, we get

> 20-30 bogus forms mail to us per day.  Annoying and alarming.  So i 
> went searching for some way to control it.  I managed to insert a php 
> script with captcha into each.  but, we are still getting bogus forms 
> sent to us.  Not as many, but still annoying and no fun...email header

> injections i take it?
>


Captcha prevents, to a degree, the automated use of your forms to send
you email.

It won't prevent someone from manually using those forms to send you
email.

Nor will it prevent someone from forging your email address and sending
you spam.

So without know why the forms are bogus, it's somewhat hard to tell what
the problem is.

As a first step, I'd make sure to code something so you track who
submits an email through on a form(cookie plus ip address tracking along
with placing a unique id for each email in the header) so you can
compare the "spam" with your database and see where it is coming from.

Than attack the problem from that perspective.  If they all come from
the same IP address range, add an extra captcha routine triggered just
for them to confirm email.  Reject their address entirely.  Whatever.


_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php

More information about the talk mailing list