spam mail with webappscanner@mcafeesecure.com content [closed]
Hi, I have a website where users can request a catalog. For that I am using a form with these fields:
- Company Name
- Contact Address
- State:
- City
- Post Code:
- Phone Number:
But for the past two days I have been getting around 190 spam mails with all the fields containing webappscanner@mcafeesecure.com
But my form was validated using PHP and JavaScript later, and I also set a time limit.
E.g. a user can only send one request; for the second request he has to wait 5 minutes.
Here is the code:
    // First request in this session: record the time and allow it ($mins > 5).
    if ($_SESSION['time'] == "") {
        $_SESSION['time'] = time();
        $mins = 7;
    } else {
        // Minutes elapsed since the last accepted request.
        $currentTime = time();
        $date_created = $_SESSION['time'];
        $mins = (abs($date_created - $currentTime)) / 60;
    }
    if ($mins > 5) {
        // Send mail
        $_SESSION['time'] = time();
    } else {
        echo "To prevent against spam requests, please wait 5 minutes before making a second request.";
    }
Can anyone help me fix this?
The best way to avert spam is to introduce a Captcha that has to be solved in order to submit the form.
Further, you can also restrict the timeout by IP address instead of session. But this would require an additional overhead of cleaning out the stale IP address information from your persistent storage (such as a database or file). You can also look at banning IP addresses if they hammer your form too frequently.
Spam bots don't follow the same rules as browsers, so this one is probably just ignoring any cookies you send. Based on the code you posted, it looks like the test also passes when there is no existing session. You should also check that a session exists before allowing the user to send the form. (This will of course also affect legitimate users who have cookies disabled.)
But since mcafeesecure.com seems to be a legitimate site, it's possible that this is a case of a misconfigured security app (the "webappscanner" part hints at that possibility).
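The two suggestions in the answers above, per-IP throttling with cleanup of stale entries and rejecting posts that have no existing session, combined in one PHP sketch. This is an added example, not part of the original answers; the file path, constants, function names and the `form_served` session key are assumptions.

```php
<?php
// Added example, not code from the question or answers. The file path, the
// constant names and both function names are hypothetical.
const THROTTLE_FILE = '/tmp/catalog_throttle.json'; // assumed writable location
const WINDOW = 300;                                 // 5 minutes, as in the question

// True if $ip has not sent within WINDOW seconds; records the attempt and
// purges stale entries on every call so the store stays small.
function ip_may_send(string $ip, int $now, string $file = THROTTLE_FILE): bool
{
    $fh = fopen($file, 'c+');               // create if missing, never truncate
    if ($fh === false) {
        return false;                       // fail closed: store unusable
    }
    flock($fh, LOCK_EX);                    // serialize concurrent requests
    $seen = json_decode(stream_get_contents($fh), true);
    $seen = is_array($seen) ? $seen : [];   // empty or corrupt file: start fresh
    $seen = array_filter($seen, fn($t) => $now - $t < WINDOW);
    $allowed = !isset($seen[$ip]);
    if ($allowed) {
        $seen[$ip] = $now;
    }
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($seen));
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed;
}

// Reject posts that arrive without the marker set when the form was rendered.
// The question's check did the opposite: an empty session counted as allowed.
function may_submit(array $session, string $ip, int $now): bool
{
    if (empty($session['form_served'])) {
        return false;                       // never loaded the form, or ignores cookies
    }
    return ip_may_send($ip, $now);
}

// Handler wiring; the form page is assumed to set $_SESSION['form_served'].
if (isset($_SERVER['REMOTE_ADDR'])) {
    session_start();
    if (may_submit($_SESSION, $_SERVER['REMOTE_ADDR'], time())) {
        // Send mail
    } else {
        echo "To prevent against spam requests, please wait 5 minutes before making a second request.";
    }
}
```

Behind a reverse proxy or load balancer, `REMOTE_ADDR` is the proxy's address, so the throttle key has to come from whatever client-address header that proxy is configured to set.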