php form problem

  • Neil McDermott

    php form problem

    Hello,

    I hope someone can help.

    I use a php form to process contact forms on my web sites. Recently I have
    been receiving lots of strange data coming through the contact forms like
    this :

    NB. mysite = the actual site that the contact form is on.
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    From: qsukgmtfqg@mysiteco.uk add to address book
    Return-Path: mysite.co.uk@hosts.co.uk add to blacklist add to whitelist
    Delivery-Date: Thursday, September 8, 2005 2:57 AM
    To: mark@mysite.co.uk
    Subject: Information request

    show headers | download source | printable view | back to folder | next
    message Spam score: 0


    Name : qsukgmtfqg@mysite.co.uk



    Phone : qsukgmtfqg@mysiteco.uk



    Email : qsukgmtfqg@mysiteco.uk

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    It spoofs the address of the site that the contact form is on. This has
    happened across every site that the form is on so I am guessing there is a
    vulnerability in the script below. Can anyone help please?


    php Contact script used >>>>>>>>>>>>>>>>>>>>>>>>>>>>


    <?php
    // Copy the submitted form fields straight from the POST data.
    $name  = $_POST['name'];
    $phone = $_POST['phone'];
    $email = $_POST['email'];
    $query = $_POST['query'];
    $to    = "enquiries@mysite.co.uk";
    // The visitor-supplied address is used unchanged as the From header.
    $from  = "$email";
    $message = "Customer Name : $name\n\n
    Phone : $phone\n\n
    Email Address : $email\n\n
    Query : $query\n";
    if (mail($to, "Customer Information", "$message\n ", "From: $from")) {
        // Redirect to the thank-you page once the mail has been handed off.
        $URL = "http://www.mysite.co.uk/thankyou.php";
        header("Location: $URL");
    } else {
        echo "There was a problem sending the mail. Please check that you filled in the form correctly.";
    }
    ?>

    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

    Any help would be greatly appreciated. I am no php expert, I simply
    adjusted a form I found on a php tutorial site.

    Thank you in advance,

    Neil




  • Neil McDermott

    #2
    Re: php form problem

    Sorry didn't mean to attach the smilie!

    --
    Regards,

    Neil McDermott
    01604 622345
    07841 865970
    Easiserv create websites in Webflow that help you to connect with your customers in a meaningful way, to increase sales and enable business growth.

    • Sandman

      #3
      Re: php form problem

      In article <dfpd91$nm$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com>,
      "Neil McDermott" <neil.mcdermott@easiserv.com> wrote:

      > Hello,
      >
      > I hope someone can help.
      >
      > <snip>
      >
      > Any help would be greatly appreciated. I am no php expert, I simply
      > adjusted a form I found on a php tutorial site.
      >
      > Thank you in advance,

      It looks to me that someone just enters "qsukgmtfqg@mysite.co.uk" in all the
      form fields.

      --
      Sandman[.net]


      • Ken Robinson

        #4
        Re: php form problem

        Sandman wrote:
        > In article <dfpd91$nm$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com>,
        > "Neil McDermott" <neil.mcdermott@easiserv.com> wrote:
        >
        > > Hello,
        > >
        > > I hope someone can help.
        > >
        > > <snip>
        > >
        > > Any help would be greatly appreciated. I am no php expert, I simply
        > > adjusted a form I found on a php tutorial site.
        > >
        > > Thank you in advance,
        >
        > It looks to me that someone just enters "qsukgmtfqg@mysite.co.uk" in all the
        > form fields.

        This has been discussed on many forums lately.

        Take a look at
        <http://www.phpfreaks.com/forums/index.php?showtopic=66987&st=0&p=272101&#entry272101>

        It shows some code that should keep these folks at bay.

        Ken


        • Neil McDermott

          #5
          Re: php form problem

          Hi guys,

          As Ken says this thread is really useful and helped me a great deal. Thanks
          Ken!!!

          Neil

          "Ken Robinson" <kenrbnsn@gmail.com> wrote in message
          news:1126204763.557938.8360@g44g2000cwa.googlegroups.com...
          > Sandman wrote:
          >> In article <dfpd91$nm$1@nwrdmz03.dmz.ncs.ea.ibs-infra.bt.com>,
          >> "Neil McDermott" <neil.mcdermott@easiserv.com> wrote:
          >>
          >> > Hello,
          >> >
          >> > I hope someone can help.
          >> >
          >> > <snip>
          >> >
          >> > Any help would be greatly appreciated. I am no php expert, I simply
          >> > adjusted a form I found on a php tutorial site.
          >> >
          >> > Thank you in advance,
          >>
          >> It looks to me that someone just enters "qsukgmtfqg@mysite.co.uk" in all
          >> the form fields.
          >
          > This has been discussed on many forums lately.
          >
          > Take a look at
          > <http://www.phpfreaks.com/forums/index.php?showtopic=66987&st=0&p=272101&#entry272101>
          >
          > It shows some code that should keep these folks at bay.
          >
          > Ken
          >



          • Ken Robinson

            #6
            Re: php form problem


            Neil McDermott wrote:
            > Hi guys,
            >
            > As Ken says this thread is really useful and helped me a great deal. Thanks
            > Ken!!!
            >

            Here's the code I'm now using to try to thwart the spammers.

            <?php
            // Loop through all POSTed content looking for the string 'Content-Type:'.
            foreach ($_POST as $k => $v) {
                if (is_string($v) && strpos($v, 'Content-Type:') !== false) {
                    //
                    // Mail tracking code removed (I email a tracking email with
                    // information back to myself)
                    //
                    // Issue a 404 - page not found. Maybe this will stop the
                    // spambots from retrying my form every few hours.
                    header("HTTP/1.0 404 Not Found");
                    exit; // stop so the rest of the form handler never runs
                }
            }

            // Check that the value passed by the Submit button hasn't been compromised.
            if (isset($_POST['submit']) && ($_POST['submit'] != 'Send Request')) {
                //
                // Mail tracking code removed (I email a tracking email with
                // information back to myself)
                //
                // Issue a 404 - page not found. Maybe this will stop the
                // spambots from retrying my form every few hours.
                header("HTTP/1.0 404 Not Found");
                exit; // stop so the rest of the form handler never runs
            }
            ?>

            Ken
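
Added example, not part of the thread or any poster's code: the script in the first post puts the submitted `email` value straight into the `From:` header, which is the behaviour a search for `Content-Type:` in POSTed data is trying to catch. The sketch below handles the same form fields by rejecting line breaks in header-bound values; `has_header_break()`, `build_contact_mail()`, the `webform@` sender address and the sample submissions are assumptions made for illustration, and it needs PHP 7.1 or later.

```php
<?php
// Added example, not code from the thread. Field names follow the original
// form; the function names, sender address and sample data are hypothetical.

/** Return true if a value could break out of a single mail header line. */
function has_header_break(string $value): bool
{
    // CR or LF ends the current header line; NUL is never valid here.
    return preg_match('/[\r\n\0]/', $value) === 1;
}

/** Validate one submission; return [to, subject, body, headers] or null. */
function build_contact_mail(array $post): ?array
{
    $fields = [];
    foreach (['name', 'phone', 'email', 'query'] as $key) {
        // Arrays (name[]=...) and missing fields are rejected, not coerced.
        if (!isset($post[$key]) || !is_string($post[$key])) {
            return null;
        }
        $fields[$key] = trim($post[$key]);
    }
    // 'query' is free text and may span lines; the other fields may not.
    foreach (['name', 'phone', 'email'] as $key) {
        if (has_header_break($fields[$key])) {
            return null;
        }
    }
    if (filter_var($fields['email'], FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    $body = "Customer Name : {$fields['name']}\n\n"
          . "Phone : {$fields['phone']}\n\n"
          . "Email Address : {$fields['email']}\n\n"
          . "Query : {$fields['query']}\n";
    // From is a fixed site address; the visitor only appears in Reply-To.
    $headers = "From: webform@mysite.co.uk\r\nReply-To: {$fields['email']}";
    return ['enquiries@mysite.co.uk', 'Customer Information', $body, $headers];
}

// Constructed sample submissions: one ordinary, one carrying a header line.
$ok  = ['name' => 'A. Customer', 'phone' => '01234 567890',
        'email' => 'a.customer@example.org', 'query' => "Line one\nLine two"];
$bad = $ok;
$bad['email'] = "x@mysite.co.uk\r\nContent-Type: text/plain";

var_dump(build_contact_mail($ok) !== null);
var_dump(build_contact_mail($bad) === null);
```

Pass the four returned values to `mail()` only when the result is not null. Unlike a search for one header name, the line-break test does not depend on which header is being added or how it is capitalised.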
