Website security against email spammers - Webdigity webmaster forums

5, December 2008	Website security against email spammers - webmaster forum
	This forum shares its ad revenue with its members!
Navigation Webdigity Services Pagerank Monitor Whois Tool Web Design Gallery Webmaster Forums Webmaster Directory Tutorials Database Webmaster Forums WebDigity Community HumanWorks network new... Clickbank Contextual S... Forum Contests Forum Lounge New Member Introductions Tech News Google Forum User Forums aStatSpam forum Computers 3rd-Party Scripting The 100 Lists Website ... PixelThings Smart Publisher Forums Talk Design and Layout General webmaster disc... Graphics & Multimedia Adobe Photoshop Macromedia Flash & Act... Web Page Design HTML & XHTML CSS Accesibility issues Website & Graphic Revi... Web Development PhP PHP classes @finalwebs... Php User Class JavaScript Databases MySQL Security Miscellaneous Languages ASP & .NET Java & JSP Web hosting talk Hosting companies Domain names Configuring your server Apache web server Monetizing your site General Business CPC programs Adsense Chitika eMiniMalls CPM programs Affiliate programs & o... Web site promotion Promotion techniques Search Engine Optimiza... Google SEO Promoting & building a... SMF moding & promoting Marketplace Advertise your services Sell your site Sell a domain name Request services Hire people Link trading requests [ Home \| Help \| Search \| Forum's Shop \| Archive \| Login \| Register \| Webmaster Directory ]

Webdigity Webmaster Forums > Web Development > PhP
Topic: Website security against email spammers

« previous next »

Pages: [1]

Author

Topic: Website security against email spammers (Read 782 times)

Raped By Google

Gender:

Posts: 27
206 credits
Members referred : 0

PPC 4 Real Estate

« on: Nov 24, 2006, 01:57:15 AM »

I use a series of php pages to display information from the db. At the end of this series of pages I provide a contact page where the php script 1) goes to the db to retrieve the email address of the record owner and 2) sends the contact info from the form to the record owner.

I didn't establish any sessions for any of these displays. I send the record ID number through the url for the displays and the contact form. I realize now that if someone iterated through the numbers and changed the url they could send every record holder an emaiol through the contact form. Hmmmm, not good.

So I need to secure this process and I am looking for suggestions. Should I put everything into a session? Or should I send an email to the sender for verification of each contact before sending the email to the record holder? This would ensure that any spammer would receive one spam for every one they sent (a minor consulation Smiley

). Or should I make an md5 hash of the record ID and some other factor(s) and send it in addition to the record ID to verify it hasn't been tampered with?

Are there other methods that I could use? Which would be the most secure? easiest to install?

Where are my glasses?

Gender:

Posts: 21
138 credits
Members referred : 0

« Reply #1 on: Nov 24, 2006, 08:03:56 AM »

I assume you use GET to receive the ID - I'd suggest you use POST as this makes the ID and other variables invisible in the browser bar, store everything in a session.

What do you mean you show a contact form? Is this within when the user has already logged in? If so, a session would be the best way to deal with this problem.

Raped By Google

Gender:

Posts: 27
206 credits
Members referred : 0

PPC 4 Real Estate

« Reply #2 on: Nov 24, 2006, 08:35:07 AM »

Thanks artviper. I took your advice and used sessions.

Global Moderator
Community Supporter ?
Jedai Sword Master

Gender:

Posts: 6486
39748 credits
Members referred : 374

It's time to use PHP5!

« Reply #3 on: Nov 24, 2006, 09:00:47 AM »

Quote from: artviper on Nov 24, 2006, 08:03:56 AM

Hi Frank,

using post variables will not show the ID inside the url but the script is still not protected against spam bots. Using sessions is a good idea.

just put all vars into an array, serialize the array store the var in a session and use unserialize on the next page

Website Monitoring Service

Free WordPress Themes

CMS Reviews and Resources

Last blog : Just a better Internet portal provided by Google

Trackback URI for this entry : http://www.webdigity.com/trackback.php?topic=4935

Bookmark this thread : Digg Del.icio.us Dzone more....

Topic sponsors:
Get a permanent link here for $1.99!

Pages: [1]

Webdigity Webmaster Forums > Web Development > PhP
Topic: Website security against email spammers

« previous next »

Jump to:

User Area
Welcome, Guest. Please login or register. Did you miss your activation email? Dec 05, 2008, 04:33:47 AM Login with username, password and session length

Donate to our community, and get a permanent link back to your site!

Forum Statistics
Total Posts: 37.995 Total Topics: 7.685 Total Members: 4.467 Tutorials : 56 Resources : 143 Designs : 220 Latest Member: jschless81 29 Guests, 4 Users online : Yahoo crawler, Googlebot, Msnbot, Baidu Spider 10 users online today: clicktechs, YMC, Nikolas, Olaf, toy17s, IsThatJose, X-man, andreyknure, strongteak, cellphone-china

Recent topics
Qoutes for the day Thread!!... Re: Yes or no game! Do you ... Re: need name for web devel... SEO or PPC Have your website professio... Re: Online marketing servic... Re: Advices on how to launc... Re: What are your ideas on ...

HumanWorks Network
Technology news Webmaster articles Sublime web directory RSS Feed directory and viewer

Readers

Web Design Gallery · Whois Lookup · Pagerank · Tag Browsing · Lo-fi version · Syndication · Webmaster forum history · Advertise
Developed by HumanWorks © 2005 - 2008 Webdigity webmaster community · sublime directory
Webdigity Webmaster Forums | Powered by SMF 1.0.12. © 2001-2005, Lewis Media. All Rights Reserved.

Website security against email spammers - webmaster forum