PHP mail() and spam

djme · #1 Mar 21st, 2006, 16:16

Apparently its really easy for spammers to hjack email forms using php mail() to use for spamming.

Can anyone give me a few tips on how to limit the possibility of this, thanks

sypher · #2 Mar 21st, 2006, 17:21

Dont use the get method to post ur form.
Register globals off.

djme · #3 Mar 21st, 2006, 22:20

OK, when you say register global off - does that mean just setting globals to off in php.ini or do I need to do something in the code as well? thanks

sypher · #4 Mar 22nd, 2006, 11:48

in the php.ini

djme · #5 Mar 24th, 2006, 11:06

Hi, the settings were already set to off and send by post. But its still getting spammed. Is there anything else I could do (I read on a website that theres a 4th parameter in the mail function to stop people adding BCC, CCC etc, is this true?) Thanks for the help

sypher · #6 Mar 24th, 2006, 11:45

PHP: Select all


 <?php
// multiple recipients
$to  = 'aidan@example.com' . ', '; // note the comma
$to .= 'wez@example.com';

// subject
$subject = 'Birthday Reminders for August';

// message
$message = '<b>Heres your message!</b>';

// To send HTML mail, the Content-type header must be set
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";

// Additional headers
$headers .= 'To: Mary <mary@example.com>, Kelly <kelly@example.com>' . "\r\n";
$headers .= 'From: Birthday Reminder <birthday@example.com>' . "\r\n";
$headers .= 'Cc: birthdayarchive@example.com' . "\r\n";
$headers .= 'Bcc: birthdaycheck@example.com' . "\r\n";

// Mail it
mail($to, $subject, $message, $headers);
?>

This is how you do bcc and cc

Be sure to look at your mail form. To see how it could be exploited

djme · #7 Mar 24th, 2006, 12:24

OK thanks sypher, im a little unsure how someone can exploit a form (I don't understand what they do, do they enter something into the fields to create those extra headers - would adding a maxlength limit the possiblities of this?)

Or should I add some validation to the subject field to only allow letters and numbers. Thanks

sypher · #8 Mar 24th, 2006, 19:28

Your best adding php validations, making sure there isnt any commas etc and things like that.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Spam in your PM box	karinne	Webforumz Cafe	0	Jan 15th, 2008 18:09
Spam in your PM box	karinne	Announcements and News	0	Jan 15th, 2008 18:09
visitors name not displayed in mail after filling in mail form	made on earth	PHP Forum	7	Nov 16th, 2005 22:43

		Webforumz.com > Main Forums > Program Your Website > PHP Forum
PHP mail() and spam