contact form hack

Out of context: Reply #12

  • Started
  • Last post
  • 13 Responses
  • justjeff0

    I would wrap the mailer code around a Referer or IP Check:

    if(_SERVER[HTTP_REFE RER]=="toxic.php") { *run code } else { *piss off }

    How's that?

    ...
    ToxicDesign
    (Feb 26 06, 18:52)

    No protection at all - HTTP headers can be forged, and are typically forged exactly like this. You can set a session variable when the load the page the first time, and then require that the session variable be set before you send any email, but then you require cookies, and it's entirely possible that determined spammers will figure that one out.

    justjeff 0Permalink
    UpvoteDownvote
    Flag
      Show [[ numHiddenNotes ]] more notesAdd Note
      SaveCancel

    View thread