Form Security & Spamming

I really hate spam. I’m sure everyone has received some sort of unsolicited mail at some stage. I live and work on the internet and have my email plastered around forums and sites like Facebook and MySpace, and I own my own gallery/professional sites.

So last night I was helping a friend, or rather a friend’s friend, fix his WordPress; the menu wouldn’t display correctly. I somehow discovered that my friend’s contact form on his site was very open to attack. I develop in PHP, and I consider myself to be semi-decent and mostly write strong and structured code.

So I clicked ‘Send’ on his form and it submitted an empty form. It did this 3 or 4 times, and I then prompted him over MSN (msn@inboxdesign.co.nz) that he really should put some user verification/security on his form. Shit, I even offered to help him.

To prove my point, I became the evil spammer I hate most. I wrote a real quick and dirty cURL script that would send a bunch of requests to his form. I even got a little inventive with it and, rather than submitting a bunch of empty forms, built a random array of porn sites to randomly populate the form.

It worked well; within 2 or 3 minutes I had flooded his mailbox with a vast array of lovely naked ladies.

Securing a web form is not hard and does not take long. It will save a lot of stress and junk in your inbox masking the real email that could be important. Imagine missing an email about a friend’s baby, or a job request, or just not checking your mail because you get so much junk!

In the next few days I am going to write a post on securing a PHP form. Yeah, there are thousands out there, but one more won’t hurt, and may even help.

If you want to see my spam script, email me.


One Response to Form Security & Spamming

  1. Alex says:

    Your blog is interesting!

    Keep up the good work!
