Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../includes/class_bootstrap.php(430) : eval()'d code on line 22

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_hook.php on line 38

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_hook.php on line 39

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_hook.php on line 41

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_hook.php on line 42

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_hook.php on line 43

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_hook.php on line 38

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_hook.php on line 39

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_hook.php on line 41

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_hook.php on line 42

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_hook.php on line 43

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120

Warning: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in ..../vbseo/includes/functions_vbseo_seo.php on line 120
How to prevent "php mail injection - spam attack"
Results 1 to 2 of 2
  1. #1
    Sam
    Sam is offline Administrator
    Join Date
    May 2004
    Posts
    132

    Default

    Dear Valued Clients,

    Nowadays there is an explotion on php mailler scripts and spammers can add their header - cc & bcc to your mail form and can send spam mails to mail address which can be added by them. Please use following codes in your php mailler scripts that can prevent anybody to add/change of header.

    It should be at top of page (php codes) - it works for POST method
    <?
    &#036;badStrings = array("Content-Type:",
    "MIME-Version:",
    "Content-Transfer-Encoding:",
    "bcc:",
    "cc:");
    foreach(&#036;_POST as &#036;k => &#036;v){
    foreach(&#036;badStrings as &#036;v2){
    if(strpos(&#036;v, &#036;v2) &#33;== false){
    header("HTTP/1.0 403 Forbidden");
    exit;
    }
    }
    }
    ?>
    Sam
    Ahosting, INC
    Reseller Hosting

  2. #2
    geoffb61 is offline Members
    Join Date
    Nov 2005
    Posts
    5

    Default

    One of the programs that I run on your server is an auto-surf site and it uses the php mailer in various different places.
    It is used in the signup script to send a verification email, in the admin area to email individual members and all members, it is used to advise different events to the members and the admin and it is used by CRON jobs to advise me that a timed event has occured.
    In total, I think there are at least 6 scripts that call the php mailer&#33;

    Does the patch code need to be added to all these scripts?

    If this is the case, it seems to me that this is a server issue and would be better patched in the servers mail agent rather than in multiple user scripts&#33;

    I am not a programmer and I don&#39;t mess with the scripts that I have purchased, many of them prohibit modifications to the design and may refuse future support&#33;

    Am I the only one with this problem or am I wrong to worry about it?

    Geoff
    :unsure:

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •