Mitch Moccia

Reputation: 529

Is there a way to 100% prevent a php mail script from being abused?

I have searched SO and have found a couple of good ideas but nothing that has 100% solved this php mail problem I am having.

NOTE: When I delete this file from the server the spam stops. Also, Captcha is not really an option; this is an Ajax call and it needs to be fast. I'm not 100% sure how the spammers are doing it, but any help would be appreciated big time.

Here is the bit of HTML added to the form:

<input name="spam_stopper" value="DO NOT CHANGE THIS VALUE" style="display:none;"/>

Here is the additional code I added at the top of the mail.php file that hasn't stopped the spam:

<?php
// Hidden "canary" field: reject requests where the value was changed or omitted.
if (!isset($_POST['spam_stopper']) || $_POST['spam_stopper'] != 'DO NOT CHANGE THIS VALUE') {
    echo '<h3>Incorrect use of this form!</h3>';
    exit;
}

// Referer check (note: the Referer header is client-controlled and easily forged,
// and some browsers omit it). strpos() returns 0 for a match at offset 0, so
// compare against false instead of negating the result.
if (!isset($_SERVER['HTTP_REFERER'])
    || strpos($_SERVER['HTTP_REFERER'], 'my-sample-domain-name.com') === false) {
    echo '<h3>Incorrect use of this form!</h3>';
    exit;
}

// Only accept POST submissions.
if ($_SERVER['REQUEST_METHOD'] != "POST") {
    echo("Unauthorized attempt to access page.");
    exit;
}

Upvotes: 0

Views: 415

Answers (1)

Milad Naseri

Reputation: 4118

You are allowing access via POST submission of your own form. So, if I keep submitting it using JavaScript on your own website, say, using Firebug, then what's to stop me?

You should have a once-only-valid token accompanying each send-mail request to ensure that your forms cannot be submitted more than once, even from your own website.

Upvotes: 1
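One way to implement the once-only-valid token the answer describes, as an added example that is not code from the question or the answer. It assumes PHP sessions are in use; the file names form.php and mail.php, the session key 'mail_tokens' and the field name 'mail_token' are assumptions.

```php
<?php
// Added example, not from the original post. Single-use, session-bound form
// token: issued when the form (or the Ajax page) is rendered, spent on first use.
session_start();

// Issue a fresh random token and remember it server-side with a short expiry.
function issue_mail_token(int $ttl = 600): string {
    $token = bin2hex(random_bytes(32));            // 64 hex chars, CSPRNG
    $_SESSION['mail_tokens'][$token] = time() + $ttl;
    return $token;
}

// Consume a token: valid only once, only from the session that issued it,
// and only before it expires. The token is removed whether or not it is valid,
// so a replayed or expired token can never be reused.
function consume_mail_token(?string $token): bool {
    if ($token === null || !isset($_SESSION['mail_tokens'][$token])) {
        return false;
    }
    $expires = $_SESSION['mail_tokens'][$token];
    unset($_SESSION['mail_tokens'][$token]);
    return time() <= $expires;
}

// --- form.php (assumed name): embed the token in the form, or return it as
// --- JSON to the Ajax caller so each send fetches a fresh token first.
// $token = issue_mail_token();
// echo '<input type="hidden" name="mail_token" value="'
//    . htmlspecialchars($token, ENT_QUOTES) . '">';

// --- mail.php (assumed name): check the token before building the message.
// if ($_SERVER['REQUEST_METHOD'] !== 'POST'
//     || !consume_mail_token($_POST['mail_token'] ?? null)) {
//     http_response_code(403);
//     exit('Invalid, expired or already-used form token.');
// }
// ... validate the fields and call mail() here ...
```

Because the token lives in the server-side session, a request from a client that never loaded the form fails the check, and a script running on the page itself must obtain a new token before every send, which makes per-session rate limiting on issue_mail_token() the natural next step.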
