unwanted form data

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

kippy
Forum Commoner
Posts: 84
Joined: Wed Jun 07, 2006 8:25 pm

unwanted form data

Post by kippy »

I have been receiving unwanted spam ads, etc. entered into a form that I have emailed to my own email address. Any suggestions on how to stop the unwanted links and email addresses entered into this html form? I currently only have php autofilling certain fields, but I have to put a stop to this somehow, it is getting out of control. Thanks for the help...I am a newbie!!!
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

look into using captcha.

search this form for it, or hit up google.
shiflett
Forum Contributor
Posts: 124
Joined: Sun Feb 06, 2005 11:22 am

Re: unwanted form data

Post by shiflett »

kippy wrote: I have been receiving unwanted spam ads, etc entered into a form that I have emailed to my own email address.
It sounds like you have a security vulnerability, and it's being exploited to send spam from your server. I'd fix this as soon as possible, because you can get yourself blacklisted.

Show us your code. If you fix the security vulnerability, you'll remove the incentive.
kippy
Forum Commoner
Posts: 84
Joined: Wed Jun 07, 2006 8:25 pm

Post by kippy »

I am fairly new to php but the form submits the input to a new php page which uses a simple insert to place the data into a table. I am sure one of my problems is my connect, I am using a require_once('mysql_connect.php'); but I am not sure on the best location for the mysql_connect.php to be placed. Also, there is currently no field validation to prevent against hacks. My concern is this, I have completely removed the form in question and I am still receiving these emails from the form stating the entered information. Any suggestions are greatly appreciated, if I receive one more medication or Adult ad thru my non-existent form I am going to go crazy. Thanks in advance!
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Once the form is found, spammers don't need the form anymore to nail you.

Disable the script that's accepting the form submission until you can fix it. What that fix is, depends on your code and so forth. Post it. As Burrito said, look into using a captcha.
kippy
Forum Commoner
Posts: 84
Joined: Wed Jun 07, 2006 8:25 pm

Post by kippy »

The main thing I am using is

mail($to, $subject, $msg, $mailheaders);

but I currently do not have any check in place to prevent the fields being mailed from including links and ads, etc.

Sorry, I know this is likely a simple fix if I have more of an idea as to what I was doing...(I am green)

Thanks again!
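A server-side check for the unvalidated mail() call discussed in this thread, as an added example that is not part of any poster's code: it rejects form values containing line breaks before they can reach the mail headers, and keeps the recipient and subject fixed. The field names (name, email, message), the helper functions and the example.com addresses are assumptions, since the thread does not show how $mailheaders is built.

```php
<?php
// Added example, not code from the thread. Field names and addresses are placeholders.

const CONTACT_TO   = 'owner@example.com';    // fixed recipient, never taken from the form
const CONTACT_FROM = 'webform@example.com';  // fixed From address on your own domain

// A value is safe to place in a mail header only if it has no CR, LF or NUL,
// because those characters let a submitter start a new header line.
function header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// Returns [to, subject, body, headers] ready for mail(), or null when the input is rejected.
function build_contact_mail(array $post): ?array
{
    $name    = trim((string)($post['name'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $message = (string)($post['message'] ?? '');

    if ($name === '' || $message === '' || strlen($name) > 100) {
        return null;                          // missing or oversized field
    }
    if (!header_safe($name) || !header_safe($email)) {
        return null;                          // line break in a header-bound value
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;                          // not a single well-formed address
    }

    $subject = 'Contact form message';        // constant, not user-controlled
    $headers = 'From: ' . CONTACT_FROM . "\r\n" . 'Reply-To: ' . $email;
    $body    = "Sender: $name <$email>\n\n" . $message;  // free text stays in the body only
    return [CONTACT_TO, $subject, $body, $headers];
}

// Constructed sample submissions: one ordinary, one with an extra header line smuggled in.
$samples = [
    ['name' => 'Ann', 'email' => 'ann@example.org', 'message' => 'Hello'],
    ['name' => 'x', 'email' => "a@example.org\r\nX-Injected: 1", 'message' => 'ad text'],
];
foreach ($samples as $post) {
    $mail = build_contact_mail($post);
    echo $mail === null ? "rejected\n" : "accepted, Reply-To set to {$post['email']}\n";
    // In the real handler: if ($mail !== null) { mail(...$mail); }
}
```

This stops the script from being used to address mail to other people; it does not stop junk text in the message body, which is what the captcha suggested in the replies is for.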