in reply to Re: Re: Re: preventing malicious mail attacks
in thread preventing malicious mail attacks

I'm using: 
delete $emails{'xung03@aol.com To: xung03@aol.com From: xung03@aol.com
+ Subject: Yq(DA913529,name)RiatdJ VoyY41ILqAdOjfxkvfKaH8JMobcYw .'};
foreach (keys %emails)
{
  print "$_ => $emails{$_}<br>";
}

[download]
I'm printing all the keys/values AFTER I try to delete it, but that key just doesn't go away. as you can see through my print, the => is my separator between the hash key and it's value. That means that everything before the => is the key and that's what I'm trying to get rid of.

Replies are listed 'Best First'.
Re: Re: Re: Re: Re: preventing malicious mail attacks
by CountZero (Bishop) on Feb 01, 2004 at 19:42 UTC
    Try this:

    foreach (keys %emails)
{
 delete $emails{$_} if /xung03\@aol.com/;
}

    [download]

    It is an ugly hack and use it only if there are no other keys which contain xung03@aol.com

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

[reply]
[d/l]
      Thank you for that small hack, that DID finally get rid of it in its entirety. I am not very sure how much help this will be, though I believe it will help a little bit..I decided to throw these regexes on all the form fields.. For the name, address1, address2, city, country I removed the colon (:) and removed the words TO, FROM, SUBJECT. If the user tries to write those in, it's removed before it saves to my database.

      For the email address, I applied the same regexes but I also applied the join [ ,] thing you mentioned earlier. The ZIP code is also using this join feature, that way anything after the first comma or space is removed and not worried about.

      After running a few tests, it seems to be working fine. The user can still add fake data to the fields, but the harmful codes have been removed and all that's left is text. That's no big deal :).

      Thanks for all your help everyone!

[reply]
[d/l]

In Section Seekers of Perl Wisdom