Hi to all. This seems to be my week for asking questions, I guess.
Yesterday, we had a massive email attack which we believe was caused by a bot that harvested the email address from the contact form on our Web site. The file is named mail.php, and contains the following lines:
I thought that simply replacing the email address of the recipient with the ascii equivalent in "$ToEmail", so as to obfuscate the address, would do the trick. Unfortunately, that fails. Can anyone show me how to do this correctly?
Why do you say it fails? If it's because you continue to get spam....well, they already HAVE your address. Changing the address on the form won't do much, unless you know they're shoveling it through your PHP form, which is a possibility. You could always rename the page with the contact form on it, which would break any links/programs that spam bots are using, but it would be invisible to your users, since all they'll do is click the "Contact Us" button.
First thing I'd do is to create another mail address for that user, and just forward all emails from the original, compromised user to it, through your spam filter. That should cut things down dramatically (what spam filter are you using?). There are lots of good ways to hide addresses in PHP, some simple, some harder. These two pages have some good ideas: http://csarven.ca/hiding-email-addresses http://www.givegoodweb.com/post/67/php-email-obfuscate
I'm not getting any more spam; I took care of that part by changing the email address. I obviously don't want a repeat of what we encountered earlier.
What I mean by "it fails" is that, if I substitute in the recipient email address sales@tld.com in ascii rather than text, the contact form info isn't mailed. Can I put ascii in "$ToEmail =" and, if so, how do I need to enter it?
Last edited by alfred_e_neuman; 01-17-2013 at 11:53 AM.
Yes, you can put it in ASCII or hex...the first link I posted has examples on how to do it. Also, you may want to try this handy little PHP function, hide_email:
If you use that, the link on your page will be just "sales@ltd.com". If someone tries to view the source of the page to scrape the address, however, it'll look something like:
If you have a mailto link on your page, remove it and substitute it for a form that will send the e-mail via hidden server-side PHP scripts to the address that will then be undisclosed. Place a captcha on this page so that you can restrict form submissions to those that can properly read the captcha and submit the accurate captcha response and not page-scraping bots.
TBone, forgive my stupidity, but where would those lines go in my php file?
That's up to you. Put the "echo" line that calls the routine wherever you put your mail address now. Put the rest of it somewhere on your current PHP page.
I think I've provided incomplete and unclear information to you about my issue. Apologies. Oh, and did I say that I didn't write this (programmer long gone, and out-of-touch), am tasked with fixing it, and am not really a programmer. There, I've come out! :-)
On our Web site, we have a contact page. Here's a code snippet from it:
Given this, I need for the submit button to work, but for the email address in mail.php to be obfuscated. Hope I'm being clear, and not being too big a pita.
Last edited by alfred_e_neuman; 01-17-2013 at 04:20 PM.
The variables in mail.php, and the code to send the mail, will never be seen by someone who visits your contact page. PHP scripts are executed on the server and only HTML/JavaScript will be seen by the user in your case. To see this, visit your contact page, hit submit, and then do a View Source in your browser and see if you can find the e-mail address.
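Added example, not part of any post in this thread and not the original poster's mail.php: a server-side handler in which the recipient in `$ToEmail` never reaches the browser, and submitted values are checked before `mail()` is called so the form is harder to abuse for sending spam. The field names (`name`, `email`, `message`, `website`), the example.com addresses and the helper functions are assumptions, and the hidden `website` honeypot field is a simpler stand-in for the captcha suggested earlier in the thread.

```php
<?php
// Hypothetical mail.php: field names and addresses are placeholders.
// The recipient exists only in server-side code and is never echoed.
$ToEmail = 'sales@example.com';

// Return the trimmed value, or null if it is not a string or contains
// CR/LF (which would let a submitted value add extra mail headers).
function clean_header_value($value): ?string
{
    if (!is_string($value)) {
        return null;
    }
    $value = trim($value);
    return preg_match('/[\r\n]/', $value) ? null : $value;
}

// Returns [ok, reason]; it only validates and sends nothing itself.
function validate_submission(array $post): array
{
    // Honeypot: hidden by CSS, left empty by people, filled in by bots.
    if (($post['website'] ?? '') !== '') {
        return [false, 'honeypot filled'];
    }
    $name  = clean_header_value($post['name'] ?? null);
    $email = clean_header_value($post['email'] ?? null);
    if ($name === null || $name === '' || $email === null) {
        return [false, 'bad header field'];
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return [false, 'invalid sender address'];
    }
    $message = $post['message'] ?? null;
    if (!is_string($message) || trim($message) === '') {
        return [false, 'empty message'];
    }
    return [true, 'ok'];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    [$ok, $reason] = validate_submission($_POST);
    if ($ok) {
        // The visitor's address goes in Reply-To; From stays site-owned.
        $headers = "From: webform@example.com\r\nReply-To: " . trim($_POST['email']);
        mail($ToEmail, 'Contact form: ' . trim($_POST['name']), $_POST['message'], $headers);
        echo 'Thank you, your message has been sent.';
    } else {
        http_response_code(400);
        echo 'Your message could not be sent.'; // no address in any output
    }
}
```

The contact page's form posts to this file with `method="post"`; neither the form markup nor either response contains the recipient address, so there is nothing for a page scraper to collect.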