Website Form > Email Issues [brochure requests] [spam messages]

admin / April 26th, 2011/ Posted in Software / No Comments »

Q: Hi,

Our work has a website that uses a form to send us e-mail for brochure requests. The script that I found to do this has started being used for sending a lot of mail from the server, and we have been told to remove it all.

Can anyone suggest some safe code I could use for a basic form that people fill in, and have it e-mailed to us?

Many thanks!

Garry


Best Answer: Your current hosting package or service MUST allow SMTP ( http://en.wikipedia.org/wiki/Simple_Mail… ) to work. Otherwise, no email can be sent.

PHP: Sending Email Tutorial (Text/HTML/Attachments): http://www.webcheatsheet.com/php/send_em…

Use any of the below sites to make the workable form you need:

These are really good online form makers. Just follow the instructions for making it and uploading file(s).

Contact Form Generator: http://www.tele-pro.co.uk/scripts/contac…
WYSIWYG Form Maker: http://www.jotform.com/?gclid=CNKhqei1wJ…
http://www.thesitewizard.com/wizards/fee…
Ajax – Creating an HTML Form: http://www.tizag.com/ajaxTutorial/ajaxfo…
http://www.phpform.org/

http://www.thepcmanwebsite.com/form_mail…


Re: There are a lot of ways to prevent this; here's one way:

http://www.alt-php-faq.org/local/115/

What you're experiencing is Form Injection. Google that and you'll come up with a bunch of info on it, and how to prevent it.

Also check php.net as I know they've got some info there.

–Mark


Re: The user fills out an HTTP form, which is posted to a php page (its contents are in the attached code), which parses the input from the form, sends the email and forwards them to a "Thanks" page. This should, as far as I know, email it to a single email address only…

I'm not too hot on this, it was designed/written by someone else, I've recently come on board and have to deal with the issues ;)

Thanks for help so far :)

Garry


Re: There are a lot of ways to hack a web form that sends email. Once at my old job we had an old version of an open source Perl script that sends emails. It was hacked and spammers were sending spam to the world through our web server…

The biggest thing to do is hard-code the email addresses into the script. Don't have them as hidden fields or anything in the web form. Have the script know and control who gets the actual email. Another option is to have a mechanism in the script to make it check the TO address before actually sending the mail, and have it remove any addresses that are not for the approved domain(s).

Since I don't know what your script looks like, I can't give much more advice on how they are actually using it to spam people.

edit: if you are using an open source script to handle the mail, feel free to let us know which. Maybe you just aren't using some feature included with it, like the domain checking for example.
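
An added example (not the script from this thread, which is not shown on the page) of the hard-coded-recipient approach described above, combined with a check against the form injection mentioned earlier in the thread. The field names, addresses and thanks page are assumptions, and it needs PHP 7.2 or later for the array form of the mail() headers argument.

```php
<?php
// Added example. Field names, addresses and /thanks.html are assumptions.
// Requires PHP 7.2+ (array form of the mail() headers argument).
const RECIPIENT = 'brochures@example.com'; // hard-coded, never taken from the form
const SENDER    = 'webform@example.com';   // fixed From on our own domain

// Read one form field as a trimmed string; arrays and missing keys become ''.
function field(array $post, string $key): string
{
    $value = $post[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

// CR, LF or NUL inside a single-line value would let it add header lines.
function has_header_injection(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Returns the validated fields, or null when the post must be rejected.
function clean_request(array $post): ?array
{
    $req = ['name' => field($post, 'name'), 'email' => field($post, 'email'),
            'message' => field($post, 'message')];
    if ($req['name'] === '' || $req['message'] === '') return null;
    if (strlen($req['name']) > 100 || strlen($req['message']) > 5000) return null;
    if (has_header_injection($req['name']) || has_header_injection($req['email'])) return null;
    if (filter_var($req['email'], FILTER_VALIDATE_EMAIL) === false) return null;
    return $req;
}

function send_request(array $req): bool
{
    // The visitor's address goes only into Reply-To, after validation.
    $headers = ['From' => SENDER, 'Reply-To' => $req['email'],
                'Content-Type' => 'text/plain; charset=UTF-8'];
    $body = "Name: {$req['name']}\nEmail: {$req['email']}\n\n{$req['message']}\n";
    return mail(RECIPIENT, 'Brochure request', $body, $headers);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $req = clean_request($_POST);
    if ($req === null || !send_request($req)) {
        http_response_code(400);
        exit('Sorry, your request could not be sent.');
    }
    header('Location: /thanks.html', true, 303);
    exit;
}
```

Because the To, From and Subject values are constants, nothing a visitor submits can change who receives the message; the only user-supplied header value is Reply-To, and it is rejected unless it is a single valid address.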


Re: Yes it is :)

Garry

