Like so many others, my contact form is being hit by spammers doing email header injection. I've scoured the web trying to come up with a solution, and have implemented several things including sessions. But I'm stuck on the following block for when MIME-Version is inserted. Actually the following works if I manually enter every post field (i.e., Name, Email, Message):
if(eregi("MIME-Version: ",$_POST['Name'].$_POST['Email'].$_POST['Message'])) {
    mail("contact@domain.com", "Form Hijack Attempt_b", "A spam relay was attempted from the Web site and was blocked.", "From:SpamMonitor");
    die();
}
But is there a way to consolidate the numerous post fields into one? I saw this somewhere, but it doesn't stop the injection like the code above does:
if(eregi("MIME-Version: ",$HTTP_POST_VARS)) {
    mail("contact@domain.com", "Form Hijack Attempt_b", "A spam relay was attempted from the Web site and was blocked.", "From:SpamMonitor");
    die();
}
Thank you...
if($email != ""){
    if(!validate_email($email)){ $error = 1; $emailErr = "ERROR: Email invalid."; }
    elseif(!email_validate($email)){ $error = 1; $emailErr = "ERROR: Email invalid."; }
}

// Accept only addresses of the form local@domain.tld with a TLD from the list.
function validate_email($str){
    $str = strtolower($str);
    if(ereg("^([^[:space:]]+)@(.+)\.(ad|ae|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|cr|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|fi|fj|fk|fm|fo|fr|fx|ga|gb|gov|gd|ge|gf|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nato|nc|ne|net|nf|ng|ni|nl|no|np|nr|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)$",$str)){
        return true;
    } else {
        return false;
    }
}

// Accept only strings made up entirely of letters, digits, "@", "." and spaces.
function email_validate($string) {
    $eregi = eregi_replace("([@.A-Za-z0-9 ]+)","",$string);
    if(empty($eregi)){
        return true;
    } else {
        return false;
    }
}
I hope it helps! If not, I tried. :)
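An added example, not from either poster: one way to consolidate the per-field check the first post asks about, by walking every submitted value instead of handing the whole POST array to a single regex call. It uses preg_match() because ereg()/eregi() were removed in PHP 7.0; the helper name find_header_injection(), the header names beyond MIME-Version, and the sample input are assumptions.

```php
<?php
// Added example. find_header_injection() is a hypothetical helper;
// the field names Name, Email and Message follow the thread.

/**
 * Return the names of submitted fields that carry header-injection markers.
 * $singleLine lists fields that end up in a mail header and so must not
 * contain CR or LF at all. Nested arrays (inputs named "x[]") are walked too.
 */
function find_header_injection(array $fields, array $singleLine, string $prefix = ''): array
{
    // MIME-Version comes from the thread; the other names are assumed additions.
    $marker = '/\b(?:MIME-Version|Content-Type|Content-Transfer-Encoding|bcc)\s*:/i';
    $hits = [];
    foreach ($fields as $name => $value) {
        $path = $prefix === '' ? (string)$name : $prefix . '[' . $name . ']';
        if (is_array($value)) {
            $hits = array_merge($hits, find_header_injection($value, $singleLine, $path));
            continue;
        }
        $value = (string)$value;
        if (preg_match($marker, $value)) {
            // Header name smuggled into any field, body included.
            $hits[] = $path;
        } elseif (in_array($path, $singleLine, true) && preg_match('/[\r\n]/', $value)) {
            // A line break in a header-bound field would start a new header.
            $hits[] = $path;
        }
    }
    return $hits;
}

// Constructed sample submission standing in for $_POST.
$post = [
    'Name'    => 'Alice',
    'Email'   => "alice@example.com\r\nBcc: list@example.net",
    'Message' => "Hello,\na second line is fine in the body.",
];

$bad = find_header_injection($post, ['Name', 'Email']);
echo $bad ? 'Rejected: ' . implode(', ', $bad) : 'Clean', "\n";
```

In a real handler, pass `$_POST` in place of `$post` and stop before calling mail() whenever the returned list is not empty.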