The problem we have is that people use our formmail script to send spam. The way they do this is adding an email complete with header , content type etc in the email field of our form.
Is there an update that prevents this from happening, it should be easily fixed i think..
Inschrijving nieuwsbrief voor weather
Content-Type: text/plain; charset=\"us-ascii\"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Market Alert
bcc: [Edit: hundreds of emails removed by Andrew Riley]
SYMBOL: UPDA
Current price: .47
Projected Short Term Growth: 1.00+
Rating: 10 out of 10
UPDATE VERY HOT SECTOR FOR INVESTMENT
Universal Property Development & Acquisition Benchmark Coverage To Be Initiated By Investrend Research
NEW YORK--(BUSINESS WIRE)--Nov. 14, 2005--(Investrend Research Syndicate) Universal Property Development & Acquistion Corp. (OTCBB: UPDA - News) has enrolled in the unique shareholder empowerment platform administered by Investrend Communications, Inc., a provider of financial intelligence programs. Benchmark research coverage will be initiated by an Investrend Research analyst to be assigned in the next few days.
Previously:
HOUSTON--(BUSINESS WIRE)-- Canyon Creek Oil & Gas Inc. (a joint venture of Universal Property Development (OTCBB:UPDA - News) and USProduction & Exploration, LLC., a privately held Company, announced today that during October it sold 170.73 barrels of oil and 988 mcfg from 4 wells located on its Hagler leases. Canyon Creek representatives said they were very pleased with these initial results since they represent only a partial month of production from only 4 of the 12 producers at the Hagler site.
Universal Property Development
spammed
It's not an easy fix but check out this thread for a RC. It's not 100% but I'm mainly interested to see if it stops the spamers at this point.
http://www.boaddrink.com/forum/viewtopic.php?t=884
-Andrew Riley
spammed
First you should delete those emails so those people do not get a bunch more spam.
Andrew as far as I can see the tests we have done is stopping the spam but still early to say 100%
What I would like to see also and aybe you can keep this in mind
The rDNS look up I mentioned on the Return Path issue but also is there a way to stop the script from triggering when a spider hits it directly.
What I mean is if you have a form uploaded and it is called form.php and you load that straight to the browser it triggers and sends a blank email to eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%61%20%68%72%65%66%3d%22%6d%61%69%6c%74%6f%3a%65%78%61%6d%70%6c%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%22%3e%65%78%61%6d%70%6c%65%40%65%78%61%6d%70%6c%65%2e%63%6f%6d%3c%2f%61%3e%27%29%3b')) and of course it not a hue deal but maybe something that can prevent that? I know the spammer issue is first :)
thanks for your hard work!!!
Robert