[nycphp-talk] worm/viruses hammering feedback scripts? POLISHED VERSION

Hans C. Kaspersetz hans at cyberxdesigns.com
Thu Sep 15 07:12:48 EDT 2005


This might be a silly question, but with this solution are you still 
vulnerable if the hack comes in another character encoding?

HCK


matthijs abeelen wrote:

>This problem is spreading very fast, a good summary of the best solution(s) 
>is needed indeed. Unfortunately, I'm not the one who can do that. Waiting 
>eagerly for the article on Phundamentals!
>
>"We're working on getting a Phundamentals article online covering the
>discussion over the last couple of days.  Thanks Roland and everyone for
>their feedback and discussion."
>
>
>At the moment I'm using the following script:
><?php
>// http://www.codingforums.com/showthread.php?t=67546
>
>// Abort the request if a form field contains a string that looks like an
>// injected mail header or MIME directive.
>function email_injection_filter($formInput)
>{
>    $injectionStrings = array(
>        "apparently-to",
>        "bcc",
>        "boundary=",
>        "charset",
>        "content-disposition",
>        "content-type",
>        "content-transfer-encoding",
>        "errors-to",
>        "in-reply-to",
>        "message-id",
>        "mime-version",
>        "multipart/mixed",
>        "multipart/alternative",
>        "multipart/related",
>        "reply-to",
>        "x-mailer",
>        "x-sender",
>        "x-uidl"
>    );
>    foreach ($injectionStrings as $spam) {
>        // Case-insensitive substring match against the field value
>        $pos = strpos(strtolower($formInput), $spam);
>        if ($pos !== false) {
>            // error_log() type 1 mails the notice to the given address
>            error_log("Email injection attempt - From IP: " . $_SERVER['REMOTE_ADDR'] .
>                " | Server Time: " . date('m/d/y, h:i:s A'), 1, "mymail at domain.com");
>
>            exit("<html><body><p>Error message here.</p></body></html>");
>        }
>    }
>}
>?>
>
>And then after receiving the POST variables I'll do:
>foreach ($_POST as $formInput) {
>    email_injection_filter($formInput);
>}
>
>Could anyone give some feedback on this particular script? I know many 
>filters have already been given/proposed. But the sheer amount of them is a 
>bit overwhelming and it seems there's still no consensus on the best 
>solution.
>
>Thanks,
>Matthijs
>
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>New York PHP Talk Mailing List
>AMP Technology
>Supporting Apache, MySQL and PHP
>http://lists.nyphp.org/mailman/listinfo/talk
>http://www.nyphp.org
>
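The following is an added example for this thread; it is not code from Matthijs's script or from Phundamentals. It puts the keyword blacklist quoted above next to a check aimed at the injection primitive itself: a CR or LF byte in a value that is copied into a mail header. Because that check looks at raw bytes after PHP has already percent-decoded the request body, it also speaks to the character-encoding question: in UTF-8 and the ISO-8859 family the bytes 0x0D and 0x0A never occur inside another character, so there is no alternative encoding of a line break that mail() would pass to the MTA unchanged. The example.invalid addresses, the probe strings and the build_headers() helper are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example for this thread, not code from the posted script. It
// contrasts the keyword blacklist above with a check on the injection
// primitive itself: a CR or LF in a value that is copied into a mail
// header. Addresses and probe strings are constructed for the demo.

// The keyword list from the posted script, matched the same way.
const INJECTION_KEYWORDS = [
    'apparently-to', 'bcc', 'boundary=', 'charset', 'content-disposition',
    'content-type', 'content-transfer-encoding', 'errors-to', 'in-reply-to',
    'message-id', 'mime-version', 'multipart/mixed', 'multipart/alternative',
    'multipart/related', 'reply-to', 'x-mailer', 'x-sender', 'x-uidl',
];

function keyword_filter_flags(string $value): bool
{
    $lower = strtolower($value);
    foreach (INJECTION_KEYWORDS as $keyword) {
        if (strpos($lower, $keyword) !== false) {
            return true;
        }
    }
    return false;
}

// A value bound for a header must be a single line. mail() passes the
// header string to the MTA unchanged, so any CR, LF or NUL in it lets the
// sender append header lines (Cc:, Bcc:, Content-Type: ...). The test is on
// raw bytes: PHP has already %-decoded the request body before $_POST is
// filled, so %0D%0A arrives here as a real CRLF, and in UTF-8 or the
// ISO-8859 family bytes 0x0D and 0x0A never occur inside another character.
function is_single_line(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

// Build the additional-headers argument for mail() from form fields,
// refusing any value that would break a header rather than "cleaning" it.
function build_headers(string $fromName, string $fromEmail): string
{
    if (!is_single_line($fromName) || !is_single_line($fromEmail)) {
        throw new InvalidArgumentException('line break in header field');
    }
    if (filter_var($fromEmail, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid address');
    }
    // Quote the display name so a comma or angle bracket cannot smuggle a
    // second address. The visitor's address goes in Reply-To; From stays a
    // fixed address on this host.
    $name = '"' . addcslashes($fromName, '"\\') . '"';
    return "From: feedback@example.invalid\r\n"
         . "Reply-To: {$name} <{$fromEmail}>\r\n";
}

// Constructed probes: [description, field value].
$probes = [
    ['legitimate text',      'Which charset should I use for the form?'],
    ['CRLF + Cc header',     "user@example.invalid\r\nCc: victim@example.invalid"],
    ['bare LF + Bcc header', "user@example.invalid\nBcc: victim@example.invalid"],
];

foreach ($probes as [$desc, $value]) {
    printf("%-22s keyword filter: %-7s  single-line check: %s\n",
        $desc,
        keyword_filter_flags($value) ? 'FLAGGED' : 'passed',
        is_single_line($value) ? 'passed' : 'REJECTED');
}

try {
    echo build_headers('Matthijs', 'user@example.invalid');
    build_headers("Eve\r\nBcc: victim@example.invalid", 'eve@example.invalid');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The first probe is ordinary text that happens to contain "charset", so the keyword list rejects a harmless message; the second carries an injected Cc: line but matches none of the keywords (the list has "bcc" but not "cc"), so it passes the blacklist while the single-line check refuses it. Only fields that end up in headers (name, address, subject) need is_single_line(); the message body legitimately contains line breaks and should be passed as the body argument of mail(), not concatenated into the headers.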
