OpenForum.dk • View topic - Contact_us.php can be abused by outsiders (?!)

Contact_us.php can be abused by outsiders (?!)

Here you can describe clever solutions and tips for others.

Editor: The editorial team

Contact_us.php can be abused by outsiders (?!)

Post by danauktion » 2005-12-1 13:10

Over the past couple of weeks I have noticed some strange emails in my inbox, which apparently come from the Contact Us page of my osCommerce installation.
What puzzled me was that the text in the mail looked like a mail header, and that the sender had no email address (which should not be possible, since the email address is checked). When I then also received a couple of mails that bounced, I could see that someone was using contact_us.php to send spam mails through my mail server, since the sender on these mails was xxxx@mydomain.dk.
How it is done I do not know, but it clearly happens by writing "s and periods in the email address, and the period is the concatenation operator in PHP.
The spammer in question uses many different IP addresses, so the problem can be solved at the end of tep_check_email() by checking whether the email address's domain is the same domain as the shop's and rejecting the email address if that is the case. The mail server will not send mail out for email addresses that do not exist on the server.

If others have better solutions, I would be glad to hear about them :-)
http://www.danauktion.dk - Auction site for the whole family.
danauktion
Getting started

Posts: 34
Joined: 2004-01-5 13:06

Post by tj » 2005-12-2 00:51

tj
Getting started

Posts: 38
Joined: 2005-09-11 12:49

Post by michaelkn » 2005-12-2 14:38

michaelkn
Getting started

Posts: 145
Joined: 2005-04-10 18:30

Post by olby » 2005-12-2 16:24

Add the following to includes/classes/email.php in the function send():
After this line:
[php]function send($to_name, $to_addr, $from_name, $from_addr, $subject = '', $headers = '') {[/php]
add this
[php]// Reject any field containing CR or LF; such a character would start a new mail header line.
if ((strstr($to_name, "\n") != false) || (strstr($to_name, "\r") != false)) {
return false;
}

if ((strstr($to_addr, "\n") != false) || (strstr($to_addr, "\r") != false)) {
return false;
}

if ((strstr($subject, "\n") != false) || (strstr($subject, "\r") != false)) {
return false;
}

if ((strstr($from_name, "\n") != false) || (strstr($from_name, "\r") != false)) {
return false;
}

if ((strstr($from_addr, "\n") != false) || (strstr($from_addr, "\r") != false)) {
return false;
}
[/php]
before this:
[php]
$to = (($to_name != '') ? '"' . $to_name . '" <' . $to_addr . '>' : $to_addr);
$from = (($from_name != '') ? '"' . $from_name . '" <' . $from_addr . '>' : $from_addr);
[/php]
Regards, olby
Help to self-help: Give your colleague constructive criticism and/or guidance - thanks :).
olby
Administrator

Posts: 2552
Joined: 2003-01-1 22:27
Location: Odder
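The two defences proposed in this thread, the CR/LF check from olby's post and danauktion's idea of rejecting sender addresses at the shop's own domain, combined into one validation step that runs before osCommerce's send() builds the From/To headers. This is an added example, not osCommerce code or code from either poster; the function names, the shop domain and the sample fields are assumptions.

```php
<?php
// Added example (not osCommerce code): validate contact-form fields before they
// reach email.php's send(). Function names and the shop domain are assumptions.

// Reject any value that could start a new mail header line (olby's check).
function has_header_break($value) {
    return (strpos($value, "\n") !== false) || (strpos($value, "\r") !== false);
}

// danauktion's idea: the contact form never needs to relay mail "from" the
// shop's own domain, so such a sender address is treated as spoofed.
function is_own_domain($from_addr, $shop_domain) {
    $at = strrpos($from_addr, '@');
    if ($at === false) {
        return false;
    }
    return strtolower(substr($from_addr, $at + 1)) === strtolower($shop_domain);
}

// Returns an empty array if the message may be sent, otherwise the names of
// the fields that failed validation (useful for logging the attempt).
function validate_contact_fields($fields, $shop_domain) {
    $errors = array();
    foreach (array('to_name', 'to_addr', 'from_name', 'from_addr', 'subject') as $key) {
        if (has_header_break($fields[$key])) {
            $errors[] = $key;
        }
    }
    if (is_own_domain($fields['from_addr'], $shop_domain)) {
        $errors[] = 'from_addr';
    }
    return array_values(array_unique($errors));
}

// Constructed sample input: a normal enquiry, then the same enquiry with a
// line break smuggled into the sender address, then a sender at the shop's domain.
$clean = array('to_name' => 'Shop', 'to_addr' => 'shop@example.com',
               'from_name' => 'Customer', 'from_addr' => 'customer@example.net',
               'subject' => 'Question about an item');
$injected = $clean;
$injected['from_addr'] = "customer@example.net\r\nX-Injected: 1";
$spoofed = $clean;
$spoofed['from_addr'] = 'anyone@example.com';

print_r(validate_contact_fields($clean, 'example.com'));
print_r(validate_contact_fields($injected, 'example.com'));
print_r(validate_contact_fields($spoofed, 'example.com'));
```

Only the first call returns an empty array; the other two name from_addr as the rejected field, so send() can be skipped and the attempt logged with the remote address.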

