last update 08.Sep.2010
Form spam protection

SPAM-Protection: E-Mail form

It is no wonder that so many internet users receive spam when they put their e-mail address on a website as plain text: most spammers run harvesters (also called web crawlers, spiders, robots or bots), programs that browse the World Wide Web methodically and automatically for the sole purpose of collecting e-mail addresses to spam.

To prevent this, or at least to make it harder, several measures can be combined:

Switching the form from GET to POST:

Reason: anyone can edit GET variables directly in the browser's address bar, so an injection attempt is as simple as typing a URL.

Example:
[URL]?ref=Hello&text=blahblah&sender=info%40example.com%0ABcc:spam%40example.de

E-mail header fields are separated by line breaks (RFC 822, today RFC 5322: CRLF). If the form script copies the sender field straight into the mail headers, a bot can append a line break (%0A, a line feed) after the normal sender address (info@example.com) followed by a Bcc (Blind Carbon Copy) header with hidden recipients (Bcc:spam@example.de), and the server then sends the spam on the bot's behalf. Note that POST only removes the address-bar convenience: a bot submits POST bodies just as easily, so the real protection is to reject any value containing CR or LF before it reaches a header line (next section).

Verifying user input (with RegEx):

This is essential: every POST variable must be validated before it is processed any further, whether it ends up in a mail header, in an HTML page or in a database query (keyword: SQL injection; for queries the value must additionally be escaped or bound as a parameter, see below). For an ordinary contact form like the one on this site, the three fields Name, Email and Comment are validated with regular expressions (RegEx) using POSIX bracket expressions.

POSIX bracket expressions:
[:alnum:]  Alphanumeric characters: [:alpha:] and [:digit:]
[:alpha:]  Alphabetic characters: [:lower:] and [:upper:]
[:blank:]  Space and tab
[:cntrl:]  Control characters. ASCII: 00 - 1F, and 7F (DEL)
[:digit:]  Digits: 0 - 9
[:graph:]  Visible characters: [:alnum:] and [:punct:]
[:lower:]  Lowercase letters
[:print:]  Visible characters: [:alnum:], [:punct:] and spaces
[:punct:]  Punctuation characters like: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
[:space:]  Whitespace characters: horiz./vert. tabulator, line-/form feed, carriage return, space
[:upper:]  Uppercase letters
[:xdigit:]  Hexadecimal digits: 0 - 9, A - F, a - f

The PHP function setlocale() with 'de_DE' makes the PCRE character classes honour the locale, so that German umlauts count as letters. This only works for single-byte (ISO-8859-1) form data; for UTF-8 data use the u modifier with Unicode properties such as \p{L} instead of [:alpha:]:
<?php
...
setlocale(LC_ALL, 'de_DE');
...
// start the verification
...

Name:
if (preg_match('/^[[:print:]]{5,}$/D', $_POST['name'])) {echo 'OK';}

Description: min. length 5 characters, no line break (control characters are not part of [:print:]). The D modifier is needed because a bare $ in PCRE also matches just before a trailing "\n", so "Alice\n" would otherwise pass.

Email:
if (preg_match('/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/Di', $_POST['email'])) {echo 'OK';}

Description: a local part without @ or whitespace, an @, one or more labels of letters, digits and hyphens each ending in a dot, and a top-level label of at least two letters; the i modifier makes the match case-insensitive. Since PHP 5.2, filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) does the same job with fewer surprises.

Comment:
if (preg_match('/^[[:print:][:space:]]{20,}$/D', $_POST['comment'])) {echo 'OK';}

Description: min. length 20 characters, line breaks allowed ([:space:]).
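Putting the header-injection point and the three checks together, as an added example that is not code from the original page: a handler for a contact form that validates name, e-mail and comment and only then assembles the headers for mail(). It assumes UTF-8 form data (hence the u modifier and Unicode properties in place of the [:print:] classes, which need setlocale() and single-byte data); RECIPIENT, the function names and the two sample submissions are assumptions constructed for the example.

```php
<?php
// Added example, not code from the original page: a handler for the contact
// form described above that performs the three checks and then builds the
// mail headers so that the Bcc trick from the GET example cannot work.
// RECIPIENT, the function names and the sample inputs are assumptions.
declare(strict_types=1);

const RECIPIENT = 'info@example.com'; // assumed destination address

// Does the value contain a carriage return or line feed?  Anything with one
// must never be copied into a header line.
function has_crlf(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns the names of the fields that failed validation (empty array = OK).
function validate_contact(array $post): array
{
    // Missing fields become empty strings and simply fail their check.
    $name    = (string)($post['name']    ?? '');
    $email   = (string)($post['email']   ?? '');
    $comment = (string)($post['comment'] ?? '');

    // The D modifier makes $ match only at the very end of the string; in
    // PCRE a bare $ also matches before a final "\n", so "Alice\n" would
    // otherwise pass.  The u modifier switches to UTF-8 and the Unicode
    // properties replace [:print:], which only knows single-byte umlauts
    // via setlocale().  \p{Zs} is space separators only: no line breaks.
    // On invalid UTF-8 preg_match() returns false, which counts as failure.
    $errors = [];
    if (preg_match('/^[\p{L}\p{N}\p{P}\p{S}\p{Zs}]{5,}$/Du', $name) !== 1) {
        $errors[] = 'name';
    }
    // The regex from the text, plus the D modifier, plus PHP's own validator.
    if (preg_match('/^[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}$/Di', $email) !== 1
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    // The comment goes into the body, so line breaks (\s) are allowed here.
    if (preg_match('/^[\p{L}\p{N}\p{P}\p{S}\s]{20,}$/Du', $comment) !== 1) {
        $errors[] = 'comment';
    }
    return $errors;
}

// Builds the additional headers for mail().  Validation already excludes
// line breaks; the explicit check is defence in depth in case a caller
// skips validate_contact().
function build_headers(string $name, string $email): string
{
    if (has_crlf($name) || has_crlf($email)) {
        throw new InvalidArgumentException('line break in header value');
    }
    // Quote the display name and drop the characters that are special
    // inside a quoted-string (RFC 5322).
    $display = str_replace(['"', '\\'], '', $name);
    return "From: \"$display\" <$email>\r\n"
         . "Reply-To: $email\r\n"
         . "Content-Type: text/plain; charset=UTF-8\r\n";
}

function send_contact(array $post): bool
{
    if (validate_contact($post) !== []) {
        return false;
    }
    $headers = build_headers($post['name'], $post['email']);
    return mail(RECIPIENT, 'Contact form', $post['comment'], $headers);
}

// Constructed inputs: the URL payload from the text (URL-decoded, so %0A is
// a real line feed) and a legitimate submission with umlauts.
$attack = [
    'name'    => 'Bot',
    'email'   => "info@example.com\nBcc:spam@example.de",
    'comment' => 'blahblah blahblah blahblah',
];
$legit = [
    'name'    => 'Jörg Müller',
    'email'   => 'joerg.mueller@example.org',
    'comment' => 'Hello, I would like to know more about your offer.',
];
print_r(validate_contact($attack));
print_r(validate_contact($legit));
```

validate_contact() reports the name (too short) and the e-mail (the line feed stops the anchored match and also fails FILTER_VALIDATE_EMAIL) for the attack submission and nothing for the legitimate one; only a submission with an empty error list ever reaches build_headers() and mail(). Checking for CR/LF a second time inside build_headers() costs nothing and protects against a future caller that forgets the validation step.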

Form data (HTML-Tags and control characters):

Some useful PHP functions:

htmlentities() - Convert all applicable characters to HTML entities:
Example: <b>bold</b> ==> &lt;b&gt;bold&lt;/b&gt;
This function is identical to htmlspecialchars() in all ways, except with htmlentities(), all characters which have HTML character entity equivalents are translated into these entities.

htmlspecialchars() - Convert special characters to HTML entities:

'&' (ampersand) becomes '&amp;'
'"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.
'<' (less than) becomes '&lt;'
'>' (greater than) becomes '&gt;'

Pass ENT_QUOTES explicitly (it only became part of the default flags in PHP 8.1) and always give the charset, e.g. htmlspecialchars($s, ENT_QUOTES, 'UTF-8'), so that multi-byte input is handled correctly. Apply it at the moment the value is written into the page, not when it is received.

strip_tags() - Strip HTML and PHP tags from a string:
Example: <p>words</p> ==> words
strip_tags() is a lossy filter, not a sanitiser: it also eats legitimate text following a stray '<', and with an allowed-tags list it leaves attributes such as onclick in place. Use it only when markup really should be removed; the defence against script injection (XSS) is escaping on output with htmlspecialchars().

Form data (before a MySQL query):

mysql_real_escape_string() - Escapes special characters in a string for use in a SQL statement.
Every string that ends up inside a quoted SQL literal must be passed through it before the query is sent to MySQL. It needs an open connection, because the escaping depends on the connection's character set, and it does nothing for values used as numbers or identifiers. Note that the whole mysql_* extension is deprecated since PHP 5.5 and removed in PHP 7: with mysqli or PDO, use prepared statements, where the values are bound separately from the SQL text and no escaping step can be forgotten.
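The same form data on its way into and back out of the database, as an added example that is not the page's own code. It uses PDO with an in-memory SQLite database (needs the pdo_sqlite extension) so it runs without a MySQL server; against a 'mysql:' DSN the calls are identical, with PDO::quote() standing in for mysql_real_escape_string(). The table name, column names and sample inputs are constructed for the example.

```php
<?php
// Added example (not the original page's code). Uses PDO with an in-memory
// SQLite database so it runs without a MySQL server; the same calls work
// against a 'mysql:' DSN. Table and column names are assumptions.
declare(strict_types=1);

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, name TEXT, email TEXT, comment TEXT)');
    return $db;
}

// The escape-then-concatenate approach the text describes, with PDO::quote()
// in the role of mysql_real_escape_string(): correct only if *every* value
// is quoted, every time, and only for quoted string literals.
function insert_quoted(PDO $db, string $name, string $email, string $comment): void
{
    $sql = sprintf(
        'INSERT INTO comments (name, email, comment) VALUES (%s, %s, %s)',
        $db->quote($name), $db->quote($email), $db->quote($comment)
    );
    $db->exec($sql);
}

// Prepared statement: the values are bound separately from the SQL text,
// so there is no escaping step to forget. This is the preferred form.
function insert_prepared(PDO $db, string $name, string $email, string $comment): void
{
    $stmt = $db->prepare('INSERT INTO comments (name, email, comment) VALUES (?, ?, ?)');
    $stmt->execute([$name, $email, $comment]);
}

// Escaping on output: ENT_QUOTES so single quotes are encoded too (the
// list above notes they are left alone otherwise), ENT_SUBSTITUTE so
// invalid UTF-8 becomes U+FFFD rather than an empty string, and an
// explicit charset.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_comment(array $row): string
{
    return '<p><b>' . h($row['name']) . '</b>: ' . nl2br(h($row['comment'])) . '</p>';
}

// Constructed inputs: a classic SQL-injection payload as the name and a
// script tag plus a single quote in the comment.
$db = open_db();
$payload = "x', 'a@b.c', 'pwned'); DROP TABLE comments; --";
insert_quoted($db, $payload, 'a@example.org', 'first comment, long enough.');
insert_prepared($db, $payload, 'b@example.org', "Nice site! <script>alert(1)</script>\nO'Brien");

// Both rows hold the payload as plain text and the table still exists;
// the markup in the comment is rendered as text, not executed.
foreach ($db->query('SELECT name, comment FROM comments') as $row) {
    echo render_comment($row), "\n";
}
```

Escaping as in insert_quoted() works, but the protection lives in each call site; with insert_prepared() the driver keeps the SQL text and the values apart, so a forgotten quote() somewhere else in the code base cannot reintroduce the injection. The output side is separate: the database stores the raw text, and h() neutralises it exactly once, at render time.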
