in reply to Re: Re: Re: Re: preventing malicious mail attacks
in thread preventing malicious mail attacks

Try this:

foreach (keys %emails)
{
 delete $emails{$_} if /xung03\@aol.com/;
}

[download]

It is an ugly hack and use it only if there are no other keys which contain xung03@aol.com

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Replies are listed 'Best First'.
Re: Re: Re: Re: Re: Re: preventing malicious mail attacks
by Anonymous Monk on Feb 02, 2004 at 00:33 UTC
    Thank you for that small hack, that DID finally get rid of it in its entirety. I am not very sure how much help this will be, though I believe it will help a little bit..I decided to throw these regexes on all the form fields.. For the name, address1, address2, city, country I removed the colon (:) and removed the words TO, FROM, SUBJECT. If the user tries to write those in, it's removed before it saves to my database.

    For the email address, I applied the same regexes but I also applied the join [ ,] thing you mentioned earlier. The ZIP code is also using this join feature, that way anything after the first comma or space is removed and not worried about.

    After running a few tests, it seems to be working fine. The user can still add fake data to the fields, but the harmful codes have been removed and all that's left is text. That's no big deal :).

    Thanks for all your help everyone!

[reply]
[d/l]

In Section Seekers of Perl Wisdom