Sparkle101

ISP closes php form because of spam abuse

Hi experts, my ISP says that my simple php script that handles a simple contact form is abused by spammers. What may I do to redeem this?

The script resides in a separate file from the form:
<?
header("Location:../index.php");
if ($REQUEST_METHOD == "POST") {
 
 
$email = $HTTP_POST_VARS[email];
$mailto = "name@domain.com";
$mailsubj = "Response from $name";
$mailhead = "From: $email\n";
reset ($HTTP_POST_VARS);
$mailbody = "This is a message from $name:\n";
while (list ($key, $val) = each ($HTTP_POST_VARS)) { $mailbody .= "$key : $val\n"; }
if (!eregi("\n",$HTTP_POST_VARS[email])) { mail($mailto, $mailsubj, $mailbody, $mailhead); }

echo("Thanks.");

}  
?>

Thanks
Richard Quadling

A quick lesson.

EVERYTHING THAT A USER SUPPLIES IS BAD.

Here end'th the lesson.

Personally, I would take a look at

http://www.tectite.com/formmailpage.php

and

http://phpfmg.sourceforge.net/home.php
ASKER CERTIFIED SOLUTION
waygood
This solution is only available to members.
Sparkle101

ASKER

Yes, I found out this too. I finally ended up with this script that detects cc and bcc and other and sends an error:

<?php

$error = "";

// read the submitted fields explicitly instead of relying on register_globals
$name    = isset($_POST['name']) ? $_POST['name'] : '';
$email   = isset($_POST['email']) ? $_POST['email'] : '';
$message = isset($_POST['message']) ? $_POST['message'] : '';

// get all the email form data
$ems = "";

// stop email server hacks
$ems .= $name;
$ems .= $email;
$ems .= $message;

// preg_match() replaces eregi(), which was removed in PHP 7
if ( stristr( $ems, "content-type" ) || stristr( $ems, "multipart/mixed" ) || stristr( $ems, "boundary" ) || stristr( $ems, "cc:" ) || stristr( $ems, "multi-part message in mime format" ) || stristr( $ems, 'to:' ) || preg_match( "/%[a-f0-9]/i", $ems ) || stristr( $ems, "0x" ))
// the last two are in case they try using hex or other non standard characters
{
$error .= "<p>Behave!!</p>";
}

if ( $error )
{
echo $error;
}
else
{
$name = stripslashes($name);
$email = stripslashes($email);
$subject = stripslashes("Response from my form");
$text = stripslashes($message);
mail('myname@somedomain.com',$subject,$text,"From: $name <$email>");
header("location:../thanks.php");
}
?>
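
An allow-list alternative to the keyword checks in the scripts above, as an added example that is not part of the original thread: only a validated address reaches the mail headers, the subject is fixed, and the visitor's name goes into the body. MAIL_FROM, the function name build_contact_mail and the sample submissions are assumptions constructed for illustration.

```php
<?php
const MAIL_TO   = 'myname@somedomain.com';
const MAIL_FROM = 'webform@somedomain.com'; // assumption: fixed sender on your own domain

// Returns [to, subject, body, headers] for mail(), or null if the
// submission must be rejected. Hypothetical helper, not from the thread.
function build_contact_mail(array $post): ?array
{
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $message = trim((string)($post['message'] ?? ''));

    // A value placed in a header must not contain CR, LF or other control
    // characters: the line break is what lets it start a new header.
    if (preg_match('/[\x00-\x1F\x7F]/', $email)) {
        return null;
    }
    // Accept only a syntactically valid address instead of hunting for
    // "cc:" or "to:" in the input.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    if ($name === '' || strlen($name) > 100 || $message === '') {
        return null;
    }

    // The subject is a header too, so it stays a fixed string; the
    // visitor-supplied name and message only ever appear in the body.
    $subject = 'Response from my form';
    $body    = "Name: $name\nEmail: $email\n\n$message\n";
    $headers = 'From: ' . MAIL_FROM . "\r\n" . 'Reply-To: ' . $email;

    return [MAIL_TO, $subject, $body, $headers];
}

// Constructed sample submissions: one normal, one trying to add a Bcc header.
$samples = [
    ['name' => 'Kari', 'email' => 'kari@example.org', 'message' => 'Hello!'],
    ['name' => 'x', 'email' => "x@example.org\r\nBcc: other@example.net", 'message' => 'hi'],
];
foreach ($samples as $post) {
    $mail = build_contact_mail($post);
    if ($mail === null) {
        echo "rejected\n";
        continue;
    }
    // In the real handler this is where mail(...$mail) would be called.
    echo "accepted, headers:\n{$mail[3]}\n";
}
```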