[nycphp-talk] worm/virus's hammering feedback scripts?
matthijs abeelen
matthijsenator at gmail.com
Thu Sep 15 02:03:39 EDT 2005
This problem is spreading very fast, a good summary of the best solution(s)
is needed indeed. Unfortunately, I'm not the one who can do that. Waiting
eagerly for the article on Phundamentals!
"We're working on getting a Phundamentals article online covering the
discussion over the last couple of days. Thanks Roland and everyone for
their feedback and discussion."
At the moment I'm using the following script:
<?php
// http://www.codingforums.com/showthread.php?t=67546
function email_injection_filter($formInput)
{
    // Header names and MIME markers that should not appear in form input
    $injectionStrings = array("apparently-to",
                              "bcc",
                              "boundary=",
                              "charset",
                              "content-disposition",
                              "content-type",
                              "content-transfer-encoding",
                              "errors-to",
                              "in-reply-to",
                              "message-id",
                              "mime-version",
                              "multipart/mixed",
                              "multipart/alternative",
                              "multipart/related",
                              "reply-to",
                              "x-mailer",
                              "x-sender",
                              "x-uidl"
                             );
    foreach ($injectionStrings as $spam)
    {
        // Case-insensitive substring match anywhere in the submitted value
        $pos = strpos(strtolower($formInput), $spam);
        if ($pos !== false)
        {
            // Message type 1 sends the log entry by e-mail to the given address
            error_log("Email injection attempt - From IP: " . $_SERVER['REMOTE_ADDR'] .
                      " | Server Time: " . date('m\/d\/y, h:i:s A'), 1, "mymail at domain.com");
            // Stop processing the request on the first match
            exit("<html><body><p>Error message here.</p></body></html>");
        }
    }
}
?>
And then after receiving the POST variables I'll do:
foreach ($_POST as $formInput)
{
    email_injection_filter($formInput);
}
Could anyone give some feedback on this particular script? I know many
filters have been given/proposed already. But the sheer number of them is a
bit overwhelming and it seems there's still no consensus on the best
solution.
Thanks,
Matthijs
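An added example, not part of the original post or the linked forum thread: it runs the post's keyword list and a CR/LF check on header-bound fields over the same constructed inputs, to show where the two disagree. The function names, the "header"/"body" field kinds and the sample values are assumptions made for illustration.

```php
<?php
// Added example; helper names and sample data are hypothetical.

// The keyword list from the post, reduced to a predicate.
function keyword_filter_hits($value)
{
    $needles = array("apparently-to", "bcc", "boundary=", "charset",
        "content-disposition", "content-type", "content-transfer-encoding",
        "errors-to", "in-reply-to", "message-id", "mime-version",
        "multipart/mixed", "multipart/alternative", "multipart/related",
        "reply-to", "x-mailer", "x-sender", "x-uidl");
    foreach ($needles as $needle) {
        if (strpos(strtolower($value), $needle) !== false) {
            return true;
        }
    }
    return false;
}

// Structural check: a value that will be placed in a mail header must not
// contain CR or LF, because a line break is what begins a new header line.
function has_header_break($value)
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Constructed inputs: label => array(field kind, value)
$samples = array(
    'plain address'     => array('header', 'alice@example.com'),
    'body mentions bcc' => array('body',   'Please BCC my manager on the reply.'),
    'Cc after CRLF'     => array('header', "alice@example.com\r\nCc: list@example.net"),
    'Bcc after bare LF' => array('header', "alice@example.com\nBcc: list@example.net"),
);

foreach ($samples as $label => $sample) {
    list($kind, $value) = $sample;
    $keyword = keyword_filter_hits($value) ? 'reject' : 'accept';
    // Only header-bound fields get the line-break check; a message body
    // legitimately contains newlines.
    $structural = ($kind === 'header' && has_header_break($value)) ? 'reject' : 'accept';
    printf("%-18s keyword=%-6s structural=%s\n", $label, $keyword, $structural);
}
```

The keyword list rejects the harmless message body and accepts the value carrying a "Cc" line, since "cc" is not among its strings; the line-break check on header fields gets both cases right.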