[thelist] Site getting spammed

Kasimir K evolt at kasimir-k.fi
Sat Nov 19 06:01:46 CST 2005


> Quoting Robert Vreeland <vreeland at studioframework.com>:
>> One of my client's web site is getting spammed, or something like it
Ken Robinson wrote on 2005-11-18 17:20:
> These people are trying to use your email form to send spam. 
...
> I use the following code at the start of my scripts that process these
> types of forms:
> 
> <?php
> if (!empty($_POST)) {
>      foreach ($_POST as $k=>$v) {
>          if (strpos($v,'Content-Type') !== FALSE) {

One thing to note with this one is that 'Content-Type' may be perfectly 
valid and legit content, e.g. in a contact form's message field.

As all injection bots I've seen so far populate all fields with bogus 
content, for now I'm checking the submit value:
In the form:
<input type="submit" name="send" value="send">
In PHP:
if (!isset($_POST['send']) || $_POST['send'] != 'send') {
    // do what you do with these attempts
    // and some Shakespeare for the bot to enjoy - "To die, to sleep;"
    sleep(600);
    die();
}

Chris Dorer wrote on 2005-11-18 19:37:
 > As a precaution...
 > Get or make your own logger...
 > And log the times, all $_SERVER ... and $_REQUEST info.

Just to give a handy example (for PHP 4.3.0+ because of the second 
parameter of print_r()):
$infoString =
	date('Y:m:d H:i:s') . "\n"
	. $_SERVER['REMOTE_ADDR'] . "\n"
	. print_r(apache_request_headers(), true) . "\n\n\n"
	. print_r($_POST , true);


hth,
.k
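
One way to combine the two checks discussed in this message so that 'Content-Type' in the message field is not a false positive (an added example, not part of the original post; the field names name, email, subject and message and the function check_contact_post are assumptions, PHP 7+). It goes beyond the thread in one respect: it also rejects line breaks in the fields that end up in mail headers.

```php
<?php
// Added example, not from the original thread. Field names are assumptions.

// Fields whose values end up in mail headers (hypothetical form layout).
const HEADER_FIELDS = ['name', 'email', 'subject'];

/**
 * Return a list of reasons to reject the submission; empty means it passed.
 */
function check_contact_post(array $post): array
{
    $reasons = [];

    // The submit-value check from the post: bots that fill every field
    // with their own content overwrite the expected value.
    if (!isset($post['send']) || $post['send'] !== 'send') {
        $reasons[] = 'unexpected submit value';
    }

    foreach (HEADER_FIELDS as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {
            $reasons[] = "$field: not a string";
            continue;
        }
        // A line break is what lets a value start a new header line.
        if (preg_match('/[\r\n]/', $value)) {
            $reasons[] = "$field: line break in header field";
        }
        // 'Content-Type' is matched only here, never in the message body.
        if (stripos($value, 'Content-Type') !== false) {
            $reasons[] = "$field: Content-Type in header field";
        }
    }
    return $reasons;
}

// Constructed sample submissions.
$legit = ['send' => 'send', 'name' => 'Ann', 'email' => 'ann@example.com',
          'subject' => 'Question',
          'message' => 'My server sends Content-Type: text/plain, is that right?'];
$bot = ['send' => 'x@example.com', 'name' => 'x@example.com',
        'email' => "x@example.com\r\nContent-Type: multipart/mixed",
        'subject' => 'x@example.com', 'message' => 'x@example.com'];

var_dump(check_contact_post($legit));
print_r(check_contact_post($bot));
```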


