Securing PHP Mail() script - Sessions?

  • BooGiE_MaN
  • Proficient
  • Posts: 387
  • Loc: Cape Town, South Africa

Post 3+ Months Ago

I am having problems with my Mail() script - Someone seems to be crawling my site somehow and using my script!

I am not too familiar with sessions and such, but I think I read somewhere that using

    session_register("SessionName")

on your contact page and then you can use

    if(!session_is_registered("SessionName")){ exit("Invalid Submission"); }

in your actual contact script.

Does anyone know if this will stop the spamming for sure... or even help at all?
  • this213
  • Guru
  • Posts: 1260
  • Loc: ./

Post 3+ Months Ago

You need to address the hole that's allowing your script(s) to be used for spam. This means verifying that all of the input is in the format it's supposed to be and hard-coding your mail headers. There is exhaustive discussion both on this board and throughout the internet pertaining to this.

Verifying that a session exists will not stop someone from exploiting your script using your form. A session can be started from the client and captured, then forged into a subsequent request to your sending script.
  • lostboy
  • Expert
  • Posts: 511
  • Loc: Just north of Toronto

Post 3+ Months Ago

http://www.nyphp.org/phundamentals/emai ... ection.php is an article about this along with some code samples about how to stop it. Basically you really need to filter all input and look for certain hacks that attempt to exploit the MIME headers.
  • BooGiE_MaN
  • Proficient
  • Posts: 387
  • Loc: Cape Town, South Africa
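As an added example (not code from this thread or from the linked article), here is one way to apply what this213 and lostboy describe: reject any field carrying CR/LF, validate the address, and keep From and To hard-coded so form input never reaches a header line. The example.com addresses and the function name validate_contact are placeholders.

```php
<?php
// Added example: validate contact-form fields and hard-code the mail headers
// so that visitor input can never become a header line of its own.

function validate_contact(array $in): ?array {
    foreach (['name', 'email', 'subject', 'message'] as $f) {
        if (!isset($in[$f]) || !is_string($in[$f])) {
            return null;
        }
    }
    // Header injection depends on a line break (CR/LF) inside a field that is
    // later placed next to a header. By the time a value is in $_POST, PHP has
    // already URL-decoded it, so a plain character test is sufficient here.
    foreach (['name', 'email', 'subject'] as $f) {
        if (preg_match('/[\r\n\0]/', $in[$f]) || strlen($in[$f]) > 200) {
            return null;
        }
    }
    $email = filter_var($in['email'], FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    // Sender and recipient are fixed server-side (placeholder addresses).
    // The visitor's address is only ever used as Reply-To, after validation.
    $headers = [
        'From: website@example.com',
        'Reply-To: ' . $email,
        'Content-Type: text/plain; charset=UTF-8',
    ];
    return [
        'to'      => 'owner@example.com',
        'subject' => '[Contact] ' . $in['subject'],
        'body'    => $in['message'],
        'headers' => implode("\r\n", $headers),
    ];
}

// Constructed sample inputs: a normal submission and one carrying a line
// break in the address, which the check above refuses before mail() runs.
$good = ['name' => 'Ann', 'email' => 'ann@example.org',
         'subject' => 'Hello', 'message' => 'Just saying hi.'];
$bad  = $good;
$bad['email'] = "ann@example.org\r\nBcc: someone@example.net";

var_dump(validate_contact($good) !== null);
var_dump(validate_contact($bad));

// In the real contact script:
// $m = validate_contact($_POST);
// if ($m === null) { exit('Invalid submission'); }
// mail($m['to'], $m['subject'], $m['body'], $m['headers']);
```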

Post 3+ Months Ago

Wow, great article. Would have still been Googling this issue forever if you hadn't shown me.
I hope this works!

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.