What kind of security risk is there with the email section possibly being manipulated by spammers?
Dec 9, 2006, 9:19 PM
Novice (17 posts)
Post #2 of 5
Views: 3520
Hi,
I don't believe the built-in email system makes trouble. But I know that mods like the deadlink mod based on birdcast seem to be unsafe. Russian spammers have tried many times to send spam via this mod.
The best thing you can do is to filter the cc and bcc with a regular expression. If not, it is easy for them to send them via the input string with lots of email addresses together with the deadlink.
    $fields{'message'} =~ s/\bcc\b/ /gi;  # deletes the word cc (the original \cc would match Ctrl-C, not "cc")
    $fields{'message'} =~ s/\bbcc\b/ /gi; # deletes the word bcc
I also check the length of the error message. The longest message I have in the deadlink mod is 28 characters. If something longer arrives, I just exit the script.
    if (length($fields{'message'}) > 28) {
        print "Content-type: text/html\n\n <center><font face=\"verdana,helvetica\">Thank you!</font></center>";
        exit;
    }
Then you can put the email addresses for To: and Reply-To: directly in the "print MAIL" area instead of using a variable. There are many ways to make a formmailer (relatively) safe. Google gives lots of info.
Those spammers are a pest!
RSS Junkie
Sep 27, 2007, 4:25 AM
New User (3 posts)
Post #4 of 5
Views: 3348
Hi LordStryfe & RSS Junkie,
I had the same spam problem and deactivated the deadlink mailer, but I think it's a very useful option for a link archive, so I want to reactivate it. Is it possible that you attach a txt file where you add those fixes, RSS Junkie?
My tries went straight to some nasty errors ;-)
regards,
jwd
Sep 28, 2007, 4:59 PM
Veteran (1352 posts)
Post #5 of 5
Views: 3323
In the deadlink.cgi (based on a bignosebird script) add the red part (marked below with "added" comments, since the colour is lost here):
sub process_mail {
    # (the loop header over the recipient index $i is not shown in the post)
    {
        $recipname  = "recipname_$i";
        $recipemail = "recipemail_$i";
        if ($fields{$recipemail} eq "")
        {
            next;
        }
        if (&valid_address == 0)
        {
            next;
        }
        if ($fields{'message'} ne "")
        {
            # --- added part (red in the original post) ---
            $fields{'message'} =~ s/\bcc\b/ /gi;  # deletes the word cc (the original \cc would match Ctrl-C, not "cc")
            $fields{'message'} =~ s/\bbcc\b/ /gi; # deletes the word bcc
            if (length($fields{'message'}) > 28) {
                print "Content-type: text/html\n\n <center><font face=\"verdana,helvetica\">Thank you!</font></center>";
                exit;
            }
            # --- end of added part ---
            $msgtxt .= "$fields{'message'}\n\n";
        }
        # (rest of the loop body is not shown in the post)
    }
}
Leonard
aka PerlFlunkie
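As an added example (not code from this thread, nor from the deadlink mod or the bignosebird script), here is a small stand-alone Perl sketch of the defensive approach RSS Junkie and Leonard describe: hard-coded To: and Reply-To:, an address check, the 28-character message limit and the cc/bcc strip, plus the one check a practitioner would add on top, rejecting any header-bound field that contains a line break, because a CR or LF inside a From/Reply-To value is what lets extra Cc:/Bcc: header lines be appended. The addresses, field names, subroutine names and the two sample submissions are constructed placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hard-coded destination and reply address (assumed values); never taken from the form.
my $TO       = 'webmaster@example.com';
my $REPLY_TO = 'noreply@example.com';
my $MAX_MSG  = 28;   # longest legitimate deadlink message, per the thread

# A header-bound value (name, subject, e-mail) must never contain a line break:
# a CR or LF would let the sender append extra header lines such as Cc:/Bcc:.
sub header_value_ok {
    my ($v) = @_;
    return 0 unless defined $v;
    return 0 if $v =~ /[\r\n]/;
    return 1;
}

# Minimal address check: one local part, one '@', a dotted domain, nothing else.
sub valid_address {
    my ($addr) = @_;
    return 0 unless defined $addr;
    return $addr =~ /^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+$/ ? 1 : 0;
}

# Message check: reject over-long bodies outright (the thread's 28-character rule)
# and strip the literal words cc/bcc, case-insensitively, as the posted mod intended.
sub clean_message {
    my ($msg) = @_;
    return undef unless defined $msg;
    return undef if length($msg) > $MAX_MSG;
    $msg =~ s/\bb?cc\b/ /gi;
    return $msg;
}

# Assemble the mail only from checked fields; returns undef if anything is rejected.
sub build_mail {
    my (%fields) = @_;
    return undef unless header_value_ok($fields{recipname})
                    && header_value_ok($fields{recipemail})
                    && valid_address($fields{recipemail});
    my $msg = clean_message($fields{message});
    return undef unless defined $msg;
    return "To: $TO\n"
         . "Reply-To: $REPLY_TO\n"
         . "Subject: Dead link report\n\n"
         . "Reported by: $fields{recipname} <$fields{recipemail}>\n"
         . "$msg\n";
}

# Constructed sample submissions (not real form data).
my %good = (recipname => 'Alice', recipemail => 'alice@example.org',
            message   => 'Link 42 is dead');
my %bad  = (recipname => 'x', recipemail => "x\@example.org\nBcc: a\@example.net",
            message   => 'Link 42 is dead');

my $ok  = build_mail(%good);
my $bad = build_mail(%bad);
print defined $ok  ? "good: accepted\n" : "good: rejected\n";
print defined $bad ? "bad: accepted\n"  : "bad: rejected\n";
```

Run with perl: the first submission is accepted and the second is rejected before any header is assembled. Note that stripping the word cc from the message body only helps if the body ever ends up in a header; the line-break check protects every header field regardless of what the body contains.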