Securing mailing scripts

by sulfericacid (Deacon)
on Sep 15, 2005 at 14:52 UTC ( [id://492255]=perlquestion )

sulfericacid has asked for the wisdom of the Perl Monks concerning the following question:

What are your measures for securing scripts that send out e-mails so others cannot use them maliciously? I'm looking for any and all ideas that you've had or used in the past that helped.

What I plan on doing is:

  • REFERER check (I know this isn't "perfect" but used with other sections, but any help is better than nothing)
  • IP time checker (Each time the script is launched it logs your IP and compares it to a database of times and IPs. If the IP executed the script within the past X minutes, the script will fail to execute.)
  • Message substitutions (Filter out anything after a space or comma in all the to/from/bcc fields to disallow multiple addresses)

    I know on a scale from 1-10 for security, this probably only hits a 4 or 5. What other methods can you think of?



    "Age is nothing more than an inaccurate number bestowed upon us at birth as just another means for others to judge and classify us"

    sulfericacid
  • Replies are listed 'Best First'.
    Re: Securing mailing scripts
    by marto (Cardinal) on Sep 15, 2005 at 14:59 UTC
      Hi,

      in the past I have used NMS Formmail.
      Some ISPs I have worked for in the past have used this (to replace formmail.pl from Matt's Scripts).
      You may want to have a look at the features it provides.

      Hope this helps.

      Martin

      Edit by castaway - removed targets from links

    Re: Securing mailing scripts
    by InfiniteSilence (Curate) on Sep 15, 2005 at 14:59 UTC
      REFERER check ...

      That can be spoofed.

      IP time checker...

      How does that stop people from using the script?

      Message substitutions ...

      Ok, but don't you want to send out an e-mail to multiple people?

      Perhaps what you want is to use SSL to connect to your script and insist that the script be run only via the secure port (443)?

      Celebrate Intellectual Diversity

        The IP checker would be used to stop automated form submissions in case all it's doing is automatically resubmitting the form for each email.

        If the IP has a timestamp inside the "kill zone", the script will quit. This way only one message could be sent every 5 or 10 minutes.

        I am aware that REFERER can be spoofed, that's why it's not the only security precaution I'm trying to take.

        Thanks for your help!



        "Age is nothing more than an inaccurate number bestowed upon us at birth as just another means for others to judge and classify us"

        sulfericacid
    Re: Securing mailing scripts
    by phaylon (Curate) on Sep 15, 2005 at 15:11 UTC
      What do you mean by "sending out"? Do you want the visitor to be able to configure the recipient or do you want to use a fixed one?

      If you _need_ it "open", I'd require at least registration, and use a strict check of the mail address that it must match against, not just a search for malicious contents.

      Maybe you could get a bit more clear on what you're on to? :)

      Ordinary morality is for ordinary people. -- Aleister Crowley
        This is a fixed script. Imagine that the only fields YOU as the USER can set are EMAIL, SUBJECT and MESSAGE. These are all the text fields on the form side that you are able to set.

        The TO: section is hard coded into the script. This is just a contact form to request more information. I'm just looking for the best ways to secure it. I'd use SSL but unfortunately I can't afford it right now.

        Thank you.



        "Age is nothing more than an inaccurate number bestowed upon us at birth as just another means for others to judge and classify us"

        sulfericacid
          How would SSL help you? That would only secure what people want to send your script.

          If you don't allow the "To:" to be set by the visitor that's making it a bit easier :) Just don't send a copy to the address the visitor states to use in the "From:", as this could be misused too.

          A few other ideas:
          • You might want to use a "(un)check this option to prove you're not a script"-checkbox. This at least knocks out the poorly written scripts.
          • Check all fields strictly. Think about the possibilities for an attacker if he finds out he can add newlines to the header section of the generated mails ;)
          • If you use other people's scripts, check the code.

          This is by all means definitely absolutely not complete.

          Ordinary morality is for ordinary people. -- Aleister Crowley
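
          The strict field checking suggested in the reply above, sketched for the contact form described in this thread (EMAIL, SUBJECT and MESSAGE come from the visitor, To: is hard-coded). This is an added example, not code from any poster; the recipient address, the length limits and the deliberately narrow address pattern are assumptions.

```perl
#!/usr/bin/perl
# Added example: strict validation for a contact form whose To: is hard-coded.
use strict;
use warnings;

# Assumption: placeholder recipient; it is never taken from the request.
my $FIXED_TO = 'contact@example.org';

# Return the checked fields, or undef plus a reason when anything is off.
sub check_fields {
    my (%in) = @_;
    my %out;
    for my $name (qw(email subject message)) {
        my $value = $in{$name};
        return (undef, "$name missing") unless defined $value && length $value;
        $out{$name} = $value;
    }
    # Header fields: reject, rather than strip, any control character.
    # A CR or LF here would let the sender start a new header line (Bcc:, Cc:).
    for my $name (qw(email subject)) {
        return (undef, "$name has control characters")
            if $out{$name} =~ /[\x00-\x1f\x7f]/;
    }
    # Allow-list match on the whole string: one address, no commas or spaces.
    # \A and \z, not ^ and $, because $ also matches before a trailing newline.
    return (undef, 'email is not a single plain address')
        unless $out{email} =~ /\A[A-Za-z0-9._%+-]{1,64}\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/;
    return (undef, 'subject too long') if length $out{subject} > 150;
    return (undef, 'message too long') if length $out{message} > 10_000;
    return (\%out, 'ok');
}

# Constructed sample submissions.
my @samples = (
    { email => 'visitor@example.com', subject => 'More info', message => 'Hello' },
    { email => 'visitor@example.com', subject => "Hi\nBcc: a\@example.net", message => 'x' },
    { email => 'a@example.com, b@example.net', subject => 'Hi', message => 'x' },
);
for my $s (@samples) {
    my ($ok, $why) = check_fields(%$s);
    # On accept, To: is always $FIXED_TO; the visitor's address is never a recipient.
    my $line = $ok ? "accepted, To: $FIXED_TO" : "rejected: $why";
    print "$line\n";
}
```
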

          In your original post you said you're filtering "To"; now you say "To:" is hardcoded.

          For preventing mass mailing you may generate pictures on the fly and ask the "USER" to complete a field of the form with the content of the picture (text or number)

          There's no point in using SSL unless you want to protect the contents of the message or you are using some means of auth (user/pass secret key etc) which I don't think is the case.

          Dodge This!
    Re: Securing mailing scripts
    by jhourcle (Prior) on Sep 15, 2005 at 21:00 UTC

      Where are the messages being sent?

      Based on what you're saying in 'message substitutions', you're accepting as input the 'who to send to' type fields -- unless this is a 'mail this article to a friend' or similar, you typically don't need to take that sort of input from the user, as it's dependent on the submission form.

      In the case where we were hosting the script for users on the system, I had users create configuration files (which contained required fields, message formatting rules, recipients, response to the submitter, etc), and they passed enough information to the system for it to locate their configuration file (user name, and path from their home directory).

      This way, we could allow users on the system to use the script, while rejecting it being used as a backend for unaffiliated persons. (and so long as users have write access to the system, it's much more effective than referrer ... you could probably pass in a URL to get the configuration file, and have an acceptable pattern, and cache, but it's going to be much more complicated)

      If you're allowing visitors to specify the recipient (e-cards, mail this article, etc.), I'd probably use rate limiting by IP, and some more general rate monitoring (if I see a sudden spike in usage, it might be an issue, even if it's coming from multiple IP addresses). I might also do some sort of monitoring of 'added' body content, if it's acceptable by the security rules, so that I can see if the same/similar message body is being repeated over and over again.
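
      The three checks discussed in this thread (the per-IP "kill zone" from the question, plus the general rate monitoring and repeated-body monitoring from the reply above) combined in one gate. This is an added example, not code from any poster; the thresholds, the in-memory storage and the function name are assumptions.

```perl
#!/usr/bin/perl
# Added example: per-IP cooldown, global spike check and repeated-body check.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Assumed thresholds; tune to the form's real traffic.
my $COOLDOWN   = 600;   # seconds one IP must wait between messages
my $WINDOW     = 3600;  # window for the global and repeated-body counters
my $MAX_GLOBAL = 30;    # messages per window from all IPs together
my $MAX_SAME   = 3;     # identical bodies per window

# In-memory state for the demo; a CGI script would keep this in a locked
# DBM file or database table, since each request is a new process.
my (%last_seen, @sent, %body_times);

sub allow_message {
    my ($ip, $body, $now) = @_;
    # Normalise case and whitespace so trivial edits still hash the same.
    (my $norm = lc $body) =~ s/\s+/ /g;
    my $digest = sha256_hex($norm);

    # Drop entries that have aged out of the window.
    @sent = grep { $_ > $now - $WINDOW } @sent;
    my @same = grep { $_ > $now - $WINDOW } @{ $body_times{$digest} || [] };

    return 'per-IP cooldown'
        if exists $last_seen{$ip} && $now - $last_seen{$ip} < $COOLDOWN;
    return 'global spike'  if @sent >= $MAX_GLOBAL;
    return 'repeated body' if @same >= $MAX_SAME;

    $last_seen{$ip} = $now;
    push @sent, $now;
    $body_times{$digest} = [ @same, $now ];
    return 'ok';
}

# Constructed traffic: [seconds, IP, body]. Addresses are documentation ranges.
my @requests = (
    [   0, '192.0.2.10',   'Please send pricing'  ],
    [  30, '192.0.2.10',   'Please send pricing'  ],
    [  60, '198.51.100.7', 'please  send PRICING' ],
    [  90, '203.0.113.5',  'Please send pricing'  ],
    [ 120, '203.0.113.9',  'Please send pricing'  ],
    [ 700, '192.0.2.10',   'A different question' ],
);
for my $r (@requests) {
    my ($t, $ip, $body) = @$r;
    printf "%4d %-13s %s\n", $t, $ip, allow_message($ip, $body, $t);
}
```
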

    Re: Securing mailing scripts
    by radiantmatrix (Parson) on Sep 15, 2005 at 20:56 UTC

      With the aside that there is no such thing as "perfectly secure", you can get a long way with a CAPTCHA.

      For those that may not be able to visit that site, a CAPTCHA is a program that can create and grade tests that are easy for a human to pass, but hard for a computer. Lots of big sites use them in the form of images that contain mangled strings -- enter the plain text that matches what's in the image, and you can reasonably assume the submitter is human.

      Someone has even rolled a nice Perl implementation already.

      <-radiant.matrix->
      Larry Wall is Yoda: there is no try{} (ok, except in Perl6; way to ruin a joke, Larry! ;P)
      The Code that can be seen is not the true Code
      "In any sufficiently large group of people, most are idiots" - Kaa's Law
