Quote:
Originally Posted by DrTandem1
Just a word of warning for those of you hand-coding. Many form scripts such as this on CGI and PHP are being hijacked to turn your site into a spam email server. You need to be sure to strip code from the form that a user may enter that would produce line breaks and Cc mailings.
I would also suggest to block attempts at people entering invalid email addresses and email addresses that use your site's own domain.
Words of wisdom! But this is also true for almost all freely available formmail scripts: if you check the code, there is no parameter checking at all. How about a list of secure formmail scripts?
I can suggest two:
http://nms-cgi.sourceforge.net/scripts.shtml (Perl)
http://www.stadtaus.com/en/php_scripts/formmail_script/ (PHP)
Both have a bunch of security features; I have used them for quite a while and they seem OK (i.e. I have had no spamming problems so far).
I had a look at the source of the tectite script mentioned above and it looks okay as well.
But keep in mind: 100% security is almost impossible.
Your suggestions / experience?
faglork
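The checks DrTandem1 describes (reject line breaks and injected Cc/Bcc headers, reject malformed sender addresses, reject addresses in the site's own domain) as an added example; this is not code from the thread or from either formmail script linked above, and `SITE_DOMAIN` is an assumed placeholder value.

```python
import re

# Assumed placeholder for the site's own domain; a real script would read it from config.
SITE_DOMAIN = "example.com"

# Deliberately simple address syntax: one local part, one domain, no spaces or line breaks.
_EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@([A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")

# A header name followed by ':' at the start of the value or right after a line break is the
# pattern a spammer needs to smuggle extra recipients or a MIME body into the message.
_HEADER_RE = re.compile(r"(?i)(^|[\r\n])\s*(to|cc|bcc|content-type|mime-version)\s*:")


def check_header_field(value: str) -> list[str]:
    """Return the problems found in a single-line header field (sender address, subject).

    An empty list means the value can be placed in a mail header as-is.
    Problems are reported conservatively: a value that merely looks like a header
    line is rejected too, so the result is a reject/accept decision, not a cleanup.
    """
    problems = []
    if "\r" in value or "\n" in value:
        # A raw CR or LF ends the current header; everything after it becomes new headers.
        problems.append("line break")
    if _HEADER_RE.search(value):
        problems.append("injected header")
    return problems


def check_sender_email(addr: str, site_domain: str = SITE_DOMAIN) -> list[str]:
    """Apply the header checks, then the address checks the thread recommends."""
    problems = check_header_field(addr)
    if not _EMAIL_RE.match(addr):
        problems.append("invalid address")
    elif addr.rsplit("@", 1)[1].lower() == site_domain.lower():
        # Mail claiming to come from the site's own domain is a common relay abuse pattern.
        problems.append("own domain")
    return problems


if __name__ == "__main__":
    # Constructed inputs: one clean submission and one carrying an injected Cc header.
    for sample in ("alice@mail.example.org", "a@b.example\r\nCc: c@d.example"):
        print(repr(sample), "->", check_sender_email(sample) or "ok")
```

A form handler would refuse the whole submission when either function returns a non-empty list rather than trying to strip the offending characters.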