[thelist] junk entry into forms (captcha?)
kasimir-k
kasimir.k.lists at gmail.com
Wed Feb 7 14:41:14 CST 2007
Hershel Robinson scribeva in 07/02/2007 19:31:
> Looks like somebody is now testing my site manually. I just received this:
>
> <letter>
> Name: <a href=\"\'>
> Email: test at test.com
> Letter:
Thought that I'd tell a couple things I usually do.
First I had a problem of email header injection - that was easily dealt
with just by checking that name and email don't have any newlines.
Then some forms started receiving spam messages with loads of links to
sites selling spam goods. Now I reject messages with string "<a href"
with an error message telling, that you can't post links.
There's very little spam NOT containing links, so this works well in
those situations, where legitimate users don't need to include links in
the messages.
.k
More information about the thelist
mailing list