[thelist] junk entry into forms (captcha?)

kasimir-k kasimir.k.lists at gmail.com
Wed Feb 7 14:41:14 CST 2007

Hershel Robinson scribeva in 07/02/2007 19:31:
> Looks like somebody is now testing my site manually. I just received this:
> <letter>
> Name: <a href=\"\'>
> Email: test at test.com
> Letter:

Thought that I'd tell a couple things I usually do.

First I had a problem of email header injection - that was easily dealt 
with just by checking that name and email don't have any newlines.

Then some forms started receiving spam messages with loads of links to 
sites selling spam goods. Now I reject messages with string "<a href" 
with an error message telling, that you can't post links.

There's very little spam NOT containing links, so this works well in 
those situations, where legitimate users don't need to include links in 
the messages.


More information about the thelist mailing list