snights Posted April 2, 2010 Posted April 2, 2010 Started getting strange emails with what appers to be scramble html C9mt4z a hrefhttp:ppkizndukdzx.comppkizndukdzxa urlhttp:asoptdxujcnt.comasoptdxujcnturl linkhttp:ispoevtwrjbg.comispoevtwrjbglink http:tanxlamyorme.com is one of all.. I belive its a try for inserting some script? correct? i want to belive that the reason im getting this email is becuse im using security pro? Or is it sometinge else? im a beeing paranoid?
MyR Posted April 22, 2010 Posted April 22, 2010 Started getting strange emails with what appers to be scramble html Looks to me like sanitized html from your contact_us page. Nothing to worry about. You may consider adding captcha to your contact_us page.
spooks Posted April 23, 2010 Posted April 23, 2010 looks like a spam attack that's been cleaned so no worries. you must be cleaning the post with something, contact_us uses the post method & security pro has no effect on that You can prevent these spammers getting anywhere with this type of attack with this change to contact_us that will detect any links in the message. at the very start, after Released under the GNU General Public License */ add: $error = false; if (preg_match('/(http:\/\/)/i',$_POST['enquiry']) || preg_match('/(<a.*href.*=)/i',$_POST['enquiry'])) { $error = true; $messageStack->add('contact', 'Links are not allowed within the message,<br />please just put www part if needed.'); } then remove the later: $error = false; Generally if the spammers can't send live links they just give up, as it makes their spam pointless. Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
mhsuffolk Posted April 23, 2010 Posted April 23, 2010 I have added spooks code to my shop. On testing a "clean" email goes through as normal but if I put a hyperlink into the email it goes to a blank page with http://www.xxxxxxxxx...php?action=send in the URL bar of the browser. Is this correct please Martin Live shop Phoenix 1.0.8.4 on PHP 7.4 Working my way up the versions.
spooks Posted April 24, 2010 Posted April 24, 2010 Is this correct please Martin Oops, sorry, there is an error in the code , its a snippit I used on a non-osC site, it needs a small change for osC remove the line added b4: $messageStack->add('contact', 'Links are not allowed within the message,<br />please just put www part if needed.'); then after: require('includes/application_top.php'); add: if ($error) $messageStack->add('contact', 'Links are not allowed within the message,<br />please just put www part if needed.'); Sam Remember, What you think I ment may not be what I thought I ment when I said it. Contributions: Auto Backup your Database, Easy way Multi Images with Fancy Pop-ups, Easy way Products in columns with multi buy etc etc Disable any Category or Product, Easy way Secure & Improve your account pages et al.
cellcom Posted June 7, 2010 Posted June 7, 2010 This has no effect what so ever.I tried the code and then put http://www.google.com into the form and it passed.Any ideas ?
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.