Hi all, one of my sites got hit today by some tw@t who signed up for some accounts using my email address, well - the fields had loads of crap in them - like garbled code.. Anyway, to the question: can anyone point me at a simple verification script that will hopefully stop this spamming? I think it's called captcha. I have looked on Google and found many but was wondering if anyone has used a good one? Thanks, Mike
You could write it yourself: www.php.net/gd. Create a random number, store it in a db, write it to an image with imagestring. Next page: check if the entered number corresponds with the one in the db.
Or you could try detecting some of the garbled code (search for certain characters or html) to block these submissions.
you could also set something like "type the result into the box: two plus four". yeah it's easy to crack, but normally these guys try it at a few hundred domains and just move on to the next if you have some kind of captcha at your site.
that's a good idea falcondriver, I'll look into that, do you know of any prewritten scripts that don't use images (due to accessibility restrictions)?
no, don't have anything done for this, but should be quite easy - just use an array (1->"one", 2->"two",...), pull some random numbers, save the correct result in your session and compare session and input field. can code it for you if you want, pm!
Good place to start for information: //en.wikipedia.org/wiki/Captcha sorry n00b can't post links yet *shrug*
oh wait, are we talking about a form mailer abuse here by attaching extra parameters to the mail header, right? i had the same problem some time ago, but you can solve this without captcha (i hate this, because sometimes you can't tell the difference between D, O, 0, Q etc...):
- check out http://www.php.net/manual/en/function.mail.php (see comment from Nimlhug 11-Mar-2006 10:41)
- don't send out messages with your own domain name in the sender's email address (most messages i got had randomnumber@myowndomain.com as email)
- replace all @ in your subject and message fields with something else like [at], so your mailserver can't deliver this crap if everything else fails.
if (preg_match('/yourdomain/i', $member_email)) {
    die("Invalid Email Address!");
}
This may solve your problem. Regarding email header injections, you may want to read this one: http://www.alt-php-faq.org/local/115
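
The header-injection checks discussed in the last two posts can be combined into one validation step. This is an added example, not code from any poster in the thread; the function names, the example.com addresses and the sample submissions are constructed for illustration.

```php
<?php
// Added example: field checks for a contact-form mailer. All names are hypothetical.

/** True if a value destined for a mail header contains a line break. */
function has_header_injection(string $value): bool
{
    // A CR or LF lets the submitter end the current header and start a new one.
    return preg_match('/[\r\n]/', $value) === 1;
}

/**
 * Validate one submission. Returns a list of problems; empty means acceptable.
 * $ownDomain mirrors the "reject my own domain as sender" check from the thread.
 */
function check_submission(array $form, string $ownDomain): array
{
    $problems = [];
    foreach (['name', 'email', 'subject'] as $field) {
        if (has_header_injection((string)($form[$field] ?? ''))) {
            $problems[] = "$field: line break in header field";
        }
    }
    $email = (string)($form['email'] ?? '');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $problems[] = 'email: not a valid address';
    } elseif (preg_match('/@' . preg_quote($ownDomain, '/') . '$/i', $email) === 1) {
        $problems[] = 'email: sender claims to be on our own domain';
    }
    return $problems;
}

// Constructed sample submissions (not taken from the thread).
$samples = [
    ['name' => 'Mike', 'email' => 'mike@example.org', 'subject' => 'Hello', 'message' => 'Hi'],
    ['name' => 'x', 'email' => "a@example.org\r\nX-Extra: injected", 'subject' => 'Hi', 'message' => ''],
    ['name' => 'x', 'email' => '12345@example.com', 'subject' => 'Hi', 'message' => ''],
];

foreach ($samples as $i => $form) {
    $problems = check_submission($form, 'example.com');
    echo "sample $i: ", $problems ? implode('; ', $problems) : 'ok', "\n";
    if (!$problems) {
        // Fixed From header; the visitor's address only ever goes into Reply-To.
        $headers = "From: webform@example.com\r\nReply-To: {$form['email']}";
        // mail('owner@example.com', $form['subject'], $form['message'], $headers);
    }
}
```

The mail() call is left commented out so the script can be run from the command line without sending anything.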