
spam mail with webappscanner@mcafeesecure.com content [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center. Closed 11 years ago.

Hi, I have a website where users can request a catalog. For that I am using a form with these fields:

  1. Company Name
  2. Email
  3. Contact Address
  4. State:
  5. City
  6. Post Code:
  7. Phone Number:

But for the past two days I have been getting around 190 spam mails with all the fields containing webappscanner@mcafeesecure.com

But my form was validated using PHP and JavaScript later, and also set a time limit.

E.g. a user can only send one request; for the second request he has to wait for 5 min.

Here comes the code

    // No timestamp stored in the session yet: treated as a first request
    if ($_SESSION['time'] == "") {
        $_SESSION['time'] = time();
        $mins = 7;
    } else {
        // Minutes elapsed since the last accepted request
        $currentTime = time();
        $date_created = $_SESSION['time'];
        $mins = (abs($date_created - $currentTime)) / 60;
    }

    if ($mins > 5) {
        // Send mail
        $_SESSION['time'] = time();
    } else {
        echo "To prevent against spam requests, please wait 5 minutes before making a second request.";
    }

Can anyone help me fix this?


The best way to avert spam is to introduce a CAPTCHA that has to be solved in order to submit the form.

Further, you can also restrict the timeout by IP address instead of session. But this would require the additional overhead of cleaning out the stale IP address information from your persistent storage (such as a database or file). You can also look at banning IP addresses if they hammer your form too frequently.


Spam bots don't follow the same rules as browsers, so this one is probably just ignoring any cookies you send. Based on the code you posted, it looks like the test also passes when there is no existing session. You should also check that a session exists before allowing the user to send the form. (This will of course also affect legitimate users who have cookies disabled.)

But since mcafeesecure.com seems to be a legitimate site, it's possible that this is a case of a misconfigured security app (the "webappscanner" part hints at that possibility).
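
The per-IP timeout with stale-entry cleanup suggested in the first answer, as an added example that is not part of the original question or answers. The file-backed store, the function name `allow_request` and the 300-second window are assumptions; the addresses in the demonstration are constructed.

```php
<?php
// Added example: per-IP throttle that does not depend on the client
// returning a session cookie. Store path and window are assumptions.
const WINDOW_SECONDS = 300;

/**
 * Returns true if $ip may submit now (and records the submission);
 * returns false if $ip already submitted within WINDOW_SECONDS.
 */
function allow_request(string $storeFile, string $ip, int $now): bool
{
    $fh = fopen($storeFile, 'c+');           // create if missing, never truncate
    if ($fh === false) {
        return false;                         // fail closed if the store is unusable
    }
    if (!flock($fh, LOCK_EX)) {               // serialize concurrent form posts
        fclose($fh);
        return false;
    }
    $seen = json_decode(stream_get_contents($fh) ?: '{}', true) ?: [];

    // Drop stale entries so the store does not grow without bound.
    $seen = array_filter($seen, fn($t) => $now - $t < WINDOW_SECONDS);

    $allowed = !isset($seen[$ip]);
    if ($allowed) {
        $seen[$ip] = $now;                    // start a new window for this client
    }

    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($seen));
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed;
}

// Constructed demonstration with documentation addresses (RFC 5737).
$store = tempnam(sys_get_temp_dir(), 'throttle');
$t0 = 1700000000;
var_dump(allow_request($store, '192.0.2.10', $t0));        // first request
var_dump(allow_request($store, '192.0.2.10', $t0 + 60));   // same client, 1 minute later
var_dump(allow_request($store, '198.51.100.7', $t0 + 60)); // different client
var_dump(allow_request($store, '192.0.2.10', $t0 + 301));  // window has elapsed
unlink($store);
```

In the form handler, call it with `$_SERVER['REMOTE_ADDR']` and `time()` before sending the mail, and skip the mail when it returns false.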
