Sign In
Create Account
atac la un formular php?
Last Updated: Mar 20 2006 10:26, Started by
pd
, Mar 08 2006 13:14
·
0
0
#1
Posted 08 March 2006 - 13:14
|
am un site pe care am pus un formular de comanda.
Am pus in html limita maxima, 60 de caractere, la campuri. Formularul html apeleaza un php care trimite datele din campuri la o adresa de mail cu functia: mail($mailto,$subiect,$mesaj); unde $mailto este adresa mea de mail $subiect='Formular site' $mesaj= concatenez datele din campurile complectate in formular Site-ul are cateva luni vechime si nu am avut nici o problema pana ieri cand am primit vre-o 10 mailuri de pe site. Cineva a facut astfe: - a incercat sa puna adresa de mail in toate campurile. - a pus adresa de mail in campuri si in unul din campuri a introdus un text care depaseste 60 de caractere. Cum l-a introdus? Habar nu am. va fac un copy/paste cu ce am primit poate ma lamureste cineva ce a facut si cum a putut face asa ceva, ca sa pot contracara astfel de probleme pe viitor. Va rog sa ma ajutati.  "flexbau.ro" <[email protected]> wrote: Date: Wed, 8 Mar 2006 07:41:45 +0200 From: "flexbau.ro" <[email protected]> To: [email protected] Subject: Formular - cerere parola stocuri Nume: [email protected], Firma: [email protected], Adresa: time Content-Type: multipart/alternative; boundary=f194db35fa747036034029a6ac2a26e3 MIME-Version: 1.0 Subject: pence. hen the ew ear is drummed in bcc: [email protected] This is a multi-part message in MIME format. --f194db35fa747036034029a6ac2a26e3 Content-Type: text/plain; charset=\"us-ascii\" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit on him like a tent, folks goes by on th other side iv th sthreet, th rollin mill disappears, an with th mornin comes no honest day s tile. e lies there --f194db35fa747036034029a6ac2a26e3-- . , Telefon: [email protected], Fax: [email protected], Domeniu de activitate:[email protected], Mesaj: [email protected] Edited by pd, 08 March 2006 - 13:16. |
Back to top
#2
Posted 08 March 2006 - 13:58
|
daca ai luat ca atare datele venite de la user cand trimitzi mailu atunci aici ai gresit. Degeaba pui tu o limita in html, un utilizator care vrea poate sa ocoleasca aceasta limita.
Solutia: nu mai lua ca atare datele venite de la utilizator si fa un cod in php care sa taie ce trece peste. |
#3
Posted 08 March 2006 - 14:15
|
Cred ca este vorba de php/sql injection. Foloseaste addslashes, magic_quotes. Adica, securizeaza mai bine scriptuletzu care trimite mail. Verifica intai ca la nume/prenume sa nu aiba alte caractere in afara de [azAZ] , verifica daca adresa de e-mail este corect scrisa[[email protected]]... eventual pune si o sesiune... maxim 1 mail pe ora de la acelasi ip. Sau ceva de genu... Niciodata sa nu ai incredere in utilizatori, oricand se iveste un asa zis hacker care sa iti dea putin peste cap munca...
|
#4
Posted 08 March 2006 - 15:13
|
multumesc pentru lamuriri
intre timp am mai pus niste conditii: - verific daca in sirul de caractere exista @ - verific daca in sirul care apartine campului "mesaj" exista "bcc" - verific campul "email" daca are o singura adresa de e-mail si daca e bine scrisa. O sa incerc sa adaug si ceea ce mi-ati spus mai sus (doar ca sunt inca incepator in PHP si merge mai greu, dar totul e sa vrei sa faci ceva...) Multumesc mult si ... orice sugestie/comentariu este binevenita |
#5
Posted 08 March 2006 - 15:23
|
Sa nu te bazezi niciodata pe lungimea maxima a campurilor dintr-un formular HTML. De asemenea sa nu te bazezi niciodata pe atributul READONLY pentru inputurile unui formular HTML. Ca orice tool putin avansata (de exemplu: extensia Web Developer pentru Firefox) se poate dezactiva lungimea minima a inputurilor si atributul readonly.
Numai bine! |
#6
Posted 08 March 2006 - 18:42
|
cam acelasi lucru il rezolvi daca salvezi pagina (html) pe calculatorul tau si modifici form-ul sa accepte caractere nelimitate dupa care pui ca action fisierul tau. o chestie ar fi sa verifici referer-ul, insa si el poate fi pacalit. eu zic sa folosesti o clasa/functie care verifica casutele acelea in PHP
 .
|
#7
Posted 08 March 2006 - 18:47
|
Acelasi lucru l-am patit si eu pe 4 situri diferite.
Pe fiecare formular aveam un script JS care verifica datele introduse (lungime si format) + re-verificam in scriptul php datele primite. Din cate am reusit sa inteleg, se pare ca era folosit ceva software care trimitea prin POST datele la scriptul php. Pana nu i-am pus un control asupra provenientei datelor, nu s-a potolit respectivul. Controlul asupra provenientei datelor e simplu, prima data cand intrii pe pagina de contact initializez o variabila de sesiune, pe care o verific atunci cand se face submit la formular. Daca nu am variabila de sesiune initializata atunci cand este apelat scriptul php prin "POST", inseamna ca cererea nu vine de la formularul meu. In plus, daca in oricare din campurile formularului exista "CONTENT-TYPE: " sau "MIME-VERSION" opresc executia scriptului. |
#8
Posted 08 March 2006 - 19:49
|
oi fi eu mai old fashion, dar nu vad rostul de a limita inputul la formul meu. cat timp datele respecta conditiile de validare nu vad de ce m-ar interesa de unde provin ele.
am avut cazuri cand un prieten isi refacuse formurile mele pe un site wap si avea acces la o chestie comuna. daca as fi procedat in spiritul vostru trebuia sa rescriu totul. in general, o validare buna trebuie sa opreasca datele dupa continut, nu dupa sursa lor. cheers |
#9
Posted 08 March 2006 - 20:06
|
@sebulbus: nu esti old-fashion, dar verificarea sursei datelor o fac pentru a preveni cazul in care un gheorghe incepe iar sa "submiteze" date folosind un software. Fara doar si poate, de baza ramane validarea datelor pe server.
Tentativele de spam de mai sus mi-au lasat impresia asta. Edited by ecstrim, 08 March 2006 - 20:07. |
#10
Posted 08 March 2006 - 23:08
|
Right, daca tu folosesti <input type="text" name="nume">, eu pot vedea asta in codul sursa a paginii HTML, apoi fac pe propriul PC un asa numit soft:
<form action="http://pagina.ta/pagina_respectiva.php" method="post"> <input type="text" name="nume"> <input type="submit">Si cum zice si ecstrim, incep sa spamez, sa te spamez cu propriul tau script. O alta metoda ar fi, codul HTML cat si cel PHP sa fie in aceeasi fisier.php, si sa folosesti la name un random, ex: name="nume_(xCharRandom)", aceleasi xCharRandom sa le verifice si scriptul php. Adevarat ca si acest cod sursa se poate vedea, insa la fiecare accesare a paginii acele caractere random se schimba, deci adio spammeri. |
|
#11
Posted 09 March 2006 - 13:46
|
O alta metoda ar fi, codul HTML cat si cel PHP sa fie in aceeasi fisier.php, si sa folosesti la name un random, ex: name="nume_(xCharRandom)", aceleasi xCharRandom sa le verifice si scriptul php. Adevarat ca si acest cod sursa se poate vedea, insa la fiecare accesare a paginii acele caractere random se schimba, deci adio spammeri. cu un regex search se poate gasi foarte simplu numele campului... ba chiar nici nu ai nevoie de regex... se poate si mai simplu. un turing number + validarea in php ramane cea mai buna solutie deocamdata. |
#12
Posted 13 March 2006 - 00:38
|
exact peste asta am dat acuma si uitati ce mailuri primesc (mai jos):
cum pot sa evit asta sa fac si pagina de contact in php: deci formularul il am in pagina html si cu post se duce la pagina php care trimite mailul. This is a multi-part message in MIME format. --4603c3d548dfbea8eabb7a841700a30c Content-Type: text/html; charset=\"us-ascii\" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC Investors Alert Home Run Stock of the Year! Produce Safety and Security International, INC. (OTC:PDSC.PK) Ticker Symbol: PDSC.PK Buy Aggressively Last Trade: +0.093 10d AVG Vol: +1,811,732 Target: +0.67 !! PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC We believe serious news is on the horizon that can blow the lid off this stock like a powder-keg! PDSC is poised to be the standard for the multi-billion dollar food safety industry. Its food sanitation process improves organic and non-organic foods. Billions of American and International consumers will receive quality, non-toxic, fresh fruits vegetables and meats. An estimated 76 million Americans suffer from food-borne illnesses every year, an issue which concerns food producers, processors and retailers. Up over 100% for the past year alone!! Ozone not only protects the Earth, but recently it has been shown to be effective in killing microorganisms because it oxidizes their cell membranes. Ozone is more effective in killing a broader variety of potential pathogens than chlorine, with no negative environmental impact, because it easily and quickly degrades into oxygen. Over 25% to 35% of a grower\'s fresh fruits and vegetables never reach an end-user. In the US alone, discarded food costs are in the billions of dollars. Surprisingly, the US is one of the few GM foods dominated markets, but it needn\'t be. The education curve should swell the demand for PDSC\'s non-toxic food safety methods, as each day more and more people recognize the potential dangers of Genetically modified foods, and conversely the benefits of organic. Record Breaking Volume!!! PDSC safer food & produce solutions utilize Ozone, a gas which has amazing sanitizing qualities that both are effective and economical. It currently markets various ozone-based pathogen and bacteria removing System types - Commercial Ozone, Mobile Whitewater, Industrial Misting, Ozone Air Clean, Wastewater Recycler. PDSC intends to provide a, first ever, full line of food-safe fresh fruits and vegetables through its distribution and service centers owned and operated by Food Safety International, strategically located domestically and internationally as both operating port and land units. Food producers, processors and retailers have additional incentive to utilize PDSC technology. Ozone destroys pathogenic microorganisms that cause spoilage and transmit disease; it extends the shelf life of a product an additional 10 to 60 days, ensuring better quality and reduced shrinkage. Consumers have higher expectations and will force regulators to provide stricter guidelines and regulations food safe products in all food categories. Bio terrorism may be another area addressed by such regulations US FDA officially granted GRAS status to Ozone for use in food-contact applications, in 2001. The process is already being used to purify foods, and LA currently uses ozone to decontaminate its water supply. Ozone is a cost-effective food industry sanitizing agent. Ozone is 51% more powerful on bacterial cell walls and kills bacteria 3100 times faster than chlorine making it the most powerful broad-spectrum microbiological control agent available. It is chemical-free; it produces no toxic by-products. The result is a product that is clean and environment-friendly; its only by-product is oxygen, it eliminates the use of hot water, conventional sanitizers, and virtually all chemical usage. It is extremely effective as a disinfectant at relatively low concentrations. This makes it a much safer product for employees to use than any conventional chemicals. All parties: grower, transporter, retailer and consumer will benefit from PDSC\'s products. We are acting aggressively with an accumulation signal to capitalize on what we believe will be some extremely positive surprises over the very near-term that could send their shares soaring! DO NOT MISS THIS STOCK IN THIS RANGE - BUY IT NOW !! PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC The information provided in this report is intended solely for general knowledge and does not constitute an offer or a solicitation of an offer for the purchase or sale of any shares or other securities There are substantial risks associated with investing in development stage companies. Potential investors should seek advice from a qualified financial dealer prior to investing. A fee of 10,000 USD ( By a Third Party) was paid for the distribution of this report.--4603c3d548dfbea8eabb7a841700a30c Content-Type: text/text; charset=\"us-ascii\" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC Investors Alert Home Run Stock of the Year! Produce Safety and Security International, INC. (OTC:PDSC.PK) Ticker Symbol: PDSC.PK Buy Aggressively Last Trade: +0.093 10d AVG Vol: +1,811,732 Target: +0.67 !! PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC We believe serious news is on the horizon that can blow the lid off this stock like a powder-keg! PDSC is poised to be the standard for the multi-billion dollar food safety industry. Its food sanitation process improves organic and non-organic foods. Billions of American and International consumers will receive quality, non-toxic, fresh fruits vegetables and meats. An estimated 76 million Americans suffer from food-borne illnesses every year, an issue which concerns food producers, processors and retailers. Up over 100% for the past year alone!! Ozone not only protects the Earth, but recently it has been shown to be effective in killing microorganisms because it oxidizes their cell membranes. Ozone is more effective in killing a broader variety of potential pathogens than chlorine, with no negative environmental impact, because it easily and quickly degrades into oxygen. Over 25% to 35% of a grower\'s fresh fruits and vegetables never reach an end-user. In the US alone, discarded food costs are in the billions of dollars. Surprisingly, the US is one of the few GM foods dominated markets, but it needn\'t be. The education curve should swell the demand for PDSC\'s non-toxic food safety methods, as each day more and more people recognize the potential dangers of Genetically modified foods, and conversely the benefits of organic. Record Breaking Volume!!! PDSC safer food & produce solutions utilize Ozone, a gas which has amazing sanitizing qualities that both are effective and economical. It currently markets various ozone-based pathogen and bacteria removing System types - Commercial Ozone, Mobile Whitewater, Industrial Misting, Ozone Air Clean, Wastewater Recycler. PDSC intends to provide a, first ever, full line of food-safe fresh fruits and vegetables through its distribution and service centers owned and operated by Food Safety International, strategically located domestically and internationally as both operating port and land units. Food producers, processors and retailers have additional incentive to utilize PDSC technology. Ozone destroys pathogenic microorganisms that cause spoilage and transmit disease; it extends the shelf life of a product an additional 10 to 60 days, ensuring better quality and reduced shrinkage. Consumers have higher expectations and will force regulators to provide stricter guidelines and regulations food safe products in all food categories. Bio terrorism may be another area addressed by such regulations US FDA officially granted GRAS status to Ozone for use in food-contact applications, in 2001. The process is already being used to purify foods, and LA currently uses ozone to decontaminate its water supply. Ozone is a cost-effective food industry sanitizing agent. Ozone is 51% more powerful on bacterial cell walls and kills bacteria 3100 times faster than chlorine making it the most powerful broad-spectrum microbiological control agent available. It is chemical-free; it produces no toxic by-products. The result is a product that is clean and environment-friendly; its only by-product is oxygen, it eliminates the use of hot water, conventional sanitizers, and virtually all chemical usage. It is extremely effective as a disinfectant at relatively low concentrations. This makes it a much safer product for employees to use than any conventional chemicals. All parties: grower, transporter, retailer and consumer will benefit from PDSC\'s products. We are acting aggressively with an accumulation signal to capitalize on what we believe will be some extremely positive surprises over the very near-term that could send their shares soaring! DO NOT MISS THIS STOCK IN THIS RANGE - BUY IT NOW !! PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC The information provided in this report is intended solely for general knowledge and does not constitute an offer or a solicitation of an offer for the purchase or sale of any shares or other securities There are substantial risks associated with investing in development stage companies. Potential investors should seek advice from a qualified financial dealer prior to investing. A fee of 10,000 USD ( By a Third Party) was paid for the distribution of this report. --4603c3d548dfbea8eabb7a841700a30c-- . Cc: [email protected] Bcc: [email protected] Hotel Selene Logo Nome: [email protected] Cognome: [email protected] Citta: [email protected] E-mail: PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC Investors Alert Home Run Stock of the Year! Produce Safety and Security International, INC. (OTC:PDSC.PK) Ticker Symbol: PDSC.PK Buy Aggressively Last Trade: +0.093 10d AVG Vol: +1,811,732 Target: +0.67 !! PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC We believe serious news is on the horizon that can blow the lid off this stock like a powder-keg! PDSC is poised to be the standard for the multi-billion dollar food safety industry. Its food sanitation process improves organic and non-organic foods. Billions of American and International consumers will receive quality, non-toxic, fresh fruits vegetables and meats. An estimated 76 million Americans suffer from food-borne illnesses every year, an issue which concerns food producers, processors and retailers. Up over 100% for the past year alone!! Ozone not only protects the Earth, but recently it has been shown to be effective in killing microorganisms because it oxidizes their cell membranes. Ozone is more effective in killing a broader variety of potential pathogens than chlorine, with no negative environmental impact, because it easily and quickly degrades into oxygen. Over 25% to 35% of a grower\'s fresh fruits and vegetables never reach an end-user. In the US alone, discarded food costs are in the billions of dollars. Surprisingly, the US is one of the few GM foods dominated markets, but it needn\'t be. The education curve should swell the demand for PDSC\'s non-toxic food safety methods, as each day more and more people recognize the potential dangers of Genetically modified foods, and conversely the benefits of organic. Record Breaking Volume!!! PDSC safer food & produce solutions utilize Ozone, a gas which has amazing sanitizing qualities that both are effective and economical. It currently markets various ozone-based pathogen and bacteria removing System types - Commercial Ozone, Mobile Whitewater, Industrial Misting, Ozone Air Clean, Wastewater Recycler. PDSC intends to provide a, first ever, full line of food-safe fresh fruits and vegetables through its distribution and service centers owned and operated by Food Safety International, strategically located domestically and internationally as both operating port and land units. Food producers, processors and retailers have additional incentive to utilize PDSC technology. Ozone destroys pathogenic microorganisms that cause spoilage and transmit disease; it extends the shelf life of a product an additional 10 to 60 days, ensuring better quality and reduced shrinkage. Consumers have higher expectations and will force regulators to provide stricter guidelines and regulations food safe products in all food categories. Bio terrorism may be another area addressed by such regulations US FDA officially granted GRAS status to Ozone for use in food-contact applications, in 2001. The process is already being used to purify foods, and LA currently uses ozone to decontaminate its water supply. Ozone is a cost-effective food industry sanitizing agent. Ozone is 51% more powerful on bacterial cell walls and kills bacteria 3100 times faster than chlorine making it the most powerful broad-spectrum microbiological control agent available. It is chemical-free; it produces no toxic by-products. The result is a product that is clean and environment-friendly; its only by-product is oxygen, it eliminates the use of hot water, conventional sanitizers, and virtually all chemical usage. It is extremely effective as a disinfectant at relatively low concentrations. This makes it a much safer product for employees to use than any conventional chemicals. All parties: grower, transporter, retailer and consumer will benefit from PDSC\'s products. We are acting aggressively with an accumulation signal to capitalize on what we believe will be some extremely positive surprises over the very near-term that could send their shares soaring! DO NOT MISS THIS STOCK IN THIS RANGE - BUY IT NOW !! PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC The information provided in this report is intended solely for general knowledge and does not constitute an offer or a solicitation of an offer for the purchase or sale of any shares or other securities There are substantial risks associated with investing in development stage companies. Potential investors should seek advice from a qualified financial dealer prior to investing. A fee of 10,000 USD ( By a Third Party) was paid for the distribution of this report.--4603c3d548dfbea8eabb7a841700a30c Content-Type: text/text; charset=\"us-ascii\" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC Investors Alert Home Run Stock of the Year! Produce Safety and Security International, INC. (OTC:PDSC.PK) Ticker Symbol: PDSC.PK Buy Aggressively Last Trade: +0.093 10d AVG Vol: +1,811,732 Target: +0.67 !! PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC We believe serious news is on the horizon that can blow the lid off this stock like a powder-keg! PDSC is poised to be the standard for the multi-billion dollar food safety industry. Its food sanitation process improves organic and non-organic foods. Billions of American and International consumers will receive quality, non-toxic, fresh fruits vegetables and meats. An estimated 76 million Americans suffer from food-borne illnesses every year, an issue which concerns food producers, processors and retailers. Up over 100% for the past year alone!! Ozone not only protects the Earth, but recently it has been shown to be effective in killing microorganisms because it oxidizes their cell membranes. Ozone is more effective in killing a broader variety of potential pathogens than chlorine, with no negative environmental impact, because it easily and quickly degrades into oxygen. Over 25% to 35% of a grower\'s fresh fruits and vegetables never reach an end-user. In the US alone, discarded food costs are in the billions of dollars. Surprisingly, the US is one of the few GM foods dominated markets, but it needn\'t be. The education curve should swell the demand for PDSC\'s non-toxic food safety methods, as each day more and more people recognize the potential dangers of Genetically modified foods, and conversely the benefits of organic. Record Breaking Volume!!! PDSC safer food & produce solutions utilize Ozone, a gas which has amazing sanitizing qualities that both are effective and economical. It currently markets various ozone-based pathogen and bacteria removing System types - Commercial Ozone, Mobile Whitewater, Industrial Misting, Ozone Air Clean, Wastewater Recycler. PDSC intends to provide a, first ever, full line of food-safe fresh fruits and vegetables through its distribution and service centers owned and operated by Food Safety International, strategically located domestically and internationally as both operating port and land units. Food producers, processors and retailers have additional incentive to utilize PDSC technology. Ozone destroys pathogenic microorganisms that cause spoilage and transmit disease; it extends the shelf life of a product an additional 10 to 60 days, ensuring better quality and reduced shrinkage. Consumers have higher expectations and will force regulators to provide stricter guidelines and regulations food safe products in all food categories. Bio terrorism may be another area addressed by such regulations US FDA officially granted GRAS status to Ozone for use in food-contact applications, in 2001. The process is already being used to purify foods, and LA currently uses ozone to decontaminate its water supply. Ozone is a cost-effective food industry sanitizing agent. Ozone is 51% more powerful on bacterial cell walls and kills bacteria 3100 times faster than chlorine making it the most powerful broad-spectrum microbiological control agent available. It is chemical-free; it produces no toxic by-products. The result is a product that is clean and environment-friendly; its only by-product is oxygen, it eliminates the use of hot water, conventional sanitizers, and virtually all chemical usage. It is extremely effective as a disinfectant at relatively low concentrations. This makes it a much safer product for employees to use than any conventional chemicals. All parties: grower, transporter, retailer and consumer will benefit from PDSC\'s products. We are acting aggressively with an accumulation signal to capitalize on what we believe will be some extremely positive surprises over the very near-term that could send their shares soaring! DO NOT MISS THIS STOCK IN THIS RANGE - BUY IT NOW !! PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC The information provided in this report is intended solely for general knowledge and does not constitute an offer or a solicitation of an offer for the purchase or sale of any shares or other securities There are substantial risks associated with investing in development stage companies. Potential investors should seek advice from a qualified financial dealer prior to investing. A fee of 10,000 USD ( By a Third Party) was paid for the distribution of this report. --4603c3d548dfbea8eabb7a841700a30c-- . " title="Email">PickOfTheWeek Content-Type: multipart/alternative; boundary=4603c3d548dfbea8eabb7a841700a30c MIME-Version: 1.0 From: [email protected] Subject: Our last pick is up 409 percent bcc: [email protected] , [email protected], angel030585 @aol.com, [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] , [email protected], [email protected], [email protected], [email protected], [email protected] ,[email protected],[email protected] ,[email protected],[email protected],[email protected] , [email protected], [email protected], [email protected], [email protected] ,[email protected] ,[email protected],[email protected] , [email protected], [email protected], [email protected], [email protected], [email protected] ,andyzeh @aol.com,[email protected],[email protected] , [email protected], [email protected], [email protected], [email protected] ,[email protected],[email protected] ,[email protected] ,[email protected],[email protected] , [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] ,[email protected] ,[email protected] , [email protected], [email protected], willy38 @aol.com, [email protected] ,[email protected] ,[email protected] ,[email protected],[email protected] ,[email protected],[email protected],[email protected] ,[email protected],[email protected] ,[email protected],[email protected],[email protected] ,[email protected] ,[email protected],[email protected] ,[email protected],[email protected] , [email protected], [email protected], [email protected], [email protected] ,[email protected],[email protected] , [email protected], [email protected], [email protected], [email protected], [email protected] ,[email protected] ,[email protected] ,[email protected] ,[email protected] ,[email protected],[email protected],[email protected] ,[email protected],[email protected],[email protected] ,[email protected],[email protected] ,[email protected],[email protected] ,[email protected],tfkoch1 @aol.com,[email protected] ,[email protected] ,[email protected] ,[email protected],[email protected],[email protected] , [email protected], [email protected], [email protected], [email protected] ,[email protected] ,[email protected],[email protected] ,[email protected],[email protected],[email protected] ,[email protected],[email protected] ,[email protected] , [email protected], [email protected], [email protected], [email protected] , [email protected], [email protected], [email protected], [email protected] ,[email protected] ,[email protected],[email protected] ,[email protected] ,[email protected],[email protected],[email protected] ,[email protected] ,[email protected] ,[email protected] ,[email protected],[email protected],[email protected] ,[email protected],[email protected] ,[email protected],[email protected],[email protected] ,[email protected],[email protected] ,[email protected] ,[email protected] ,[email protected] , [email protected], [email protected], [email protected], [email protected], [email protected] , [email protected], [email protected], tcsdcoinc @aol.com, [email protected], baralvie @aol.com, [email protected], [email protected] ,[email protected],[email protected] ,[email protected] ,[email protected],[email protected],[email protected] ,[email protected] , [email protected], [email protected], [email protected], [email protected] ,[email protected] ,[email protected] ,[email protected] ,[email protected] , [email protected], [email protected], [email protected], [email protected], [email protected] ,[email protected],[email protected],[email protected] ,[email protected] ,[email protected],[email protected] ,[email protected] ,[email protected],[email protected] ,[email protected] ,[email protected] ,[email protected] , ariess007 @aol.com, [email protected], [email protected], aliceb158 @aol.com, [email protected], [email protected] , [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] ,[email protected],[email protected],[email protected] ,[email protected],[email protected] ,[email protected],[email protected],[email protected] ,[email protected],[email protected] ,[email protected] ,[email protected] ,[email protected] ,[email protected],[email protected] ,[email protected] ,[email protected] ,[email protected] ,[email protected] ,[email protected],[email protected] ,[email protected] ,[email protected],[email protected],[email protected] , [email protected], [email protected], [email protected], [email protected] ,[email protected] , [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] , [email protected], [email protected], [email protected], anfiore @aol.com, [email protected], [email protected], [email protected] ,[email protected],[email protected] ,[email protected] ,[email protected] ,[email protected],[email protected] , [email protected], [email protected], [email protected], [email protected] ,[email protected],[email protected],[email protected] , [email protected], [email protected], [email protected], [email protected], [email protected] ,[email protected] , [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] ,[email protected] ,[email protected] ,[email protected] ,[email protected] ,[email protected],[email protected] ,[email protected] , [email protected], [email protected], [email protected], [email protected], [email protected] ,[email protected],[email protected],[email protected] ,[email protected] ,[email protected],[email protected] ,[email protected],[email protected],[email protected] ,[email protected],theskol @aol.com,[email protected] ,[email protected] ,[email protected] , [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] ,[email protected] , [email protected], [email protected], [email protected], [email protected], [email protected] ,[email protected] ,[email protected] ,[email protected] , [email protected], [email protected], [email protected], [email protected], alvarezazul @aol.com, [email protected] ,[email protected] , [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] ,[email protected],[email protected] , [email protected], [email protected], [email protected], [email protected], [email protected] ,[email protected],[email protected],[email protected] ,[email protected] , [email protected], [email protected], agcatbum @aol.com, [email protected], [email protected] ,[email protected],[email protected] ,[email protected],[email protected],[email protected] ,[email protected] ,[email protected] ,[email protected] ,[email protected],[email protected],[email protected] ,[email protected] , [email protected], [email protected], [email protected], [email protected], arbelaezflia @aol.com, [email protected] ,[email protected] , [email protected], [email protected], [email protected], axel0526 @aol.com, [email protected], [email protected], [email protected], [email protected], [email protected] ,[email protected],[email protected],[email protected] ,[email protected] ,[email protected],[email protected] ,[email protected] ,[email protected] ,[email protected],[email protected],[email protected] ,[email protected] ,[email protected],[email protected],[email protected] ,[email protected] ,[email protected],[email protected] ,[email protected],[email protected],[email protected] ,[email protected] This is a multi-part message in MIME format. --4603c3d548dfbea8eabb7a841700a30c Content-Type: text/html; charset=\"us-ascii\" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC Investors Alert Home Run Stock of the Year! Produce Safety and Security International, INC. (OTC:PDSC.PK) Ticker Symbol: PDSC.PK Buy Aggressively Last Trade: +0.093 10d AVG Vol: +1,811,732 Target: +0.67 !! PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC We believe serious news is on the horizon that can blow the lid off this stock like a powder-keg! PDSC is poised to be the standard for the multi-billion dollar food safety industry. Its food sanitation process improves organic and non-organic foods. Billions of American and International consumers will receive quality, non-toxic, fresh fruits vegetables and meats. An estimated 76 million Americans suffer from food-borne illnesses every year, an issue which concerns food producers, processors and retailers. Up over 100% for the past year alone!! Ozone not only protects the Earth, but recently it has been shown to be effective in killing microorganisms because it oxidizes their cell membranes. Ozone is more effective in killing a broader variety of potential pathogens than chlorine, with no negative environmental impact, because it easily and quickly degrades into oxygen. Over 25% to 35% of a grower\'s fresh fruits and vegetables never reach an end-user. In the US alone, discarded food costs are in the billions of dollars. Surprisingly, the US is one of the few GM foods dominated markets, but it needn\'t be. The education curve should swell the demand for PDSC\'s non-toxic food safety methods, as each day more and more people recognize the potential dangers of Genetically modified foods, and conversely the benefits of organic. Record Breaking Volume!!! PDSC safer food & produce solutions utilize Ozone, a gas which has amazing sanitizing qualities that both are effective and economical. It currently markets various ozone-based pathogen and bacteria removing System types - Commercial Ozone, Mobile Whitewater, Industrial Misting, Ozone Air Clean, Wastewater Recycler. PDSC intends to provide a, first ever, full line of food-safe fresh fruits and vegetables through its distribution and service centers owned and operated by Food Safety International, strategically located domestically and internationally as both operating port and land units. Food producers, processors and retailers have additional incentive to utilize PDSC technology. Ozone destroys pathogenic microorganisms that cause spoilage and transmit disease; it extends the shelf life of a product an additional 10 to 60 days, ensuring better quality and reduced shrinkage. Consumers have higher expectations and will force regulators to provide stricter guidelines and regulations food safe products in all food categories. Bio terrorism may be another area addressed by such regulations US FDA officially granted GRAS status to Ozone for use in food-contact applications, in 2001. The process is already being used to purify foods, and LA currently uses ozone to decontaminate its water supply. Ozone is a cost-effective food industry sanitizing agent. Ozone is 51% more powerful on bacterial cell walls and kills bacteria 3100 times faster than chlorine making it the most powerful broad-spectrum microbiological control agent available. It is chemical-free; it produces no toxic by-products. The result is a product that is clean and environment-friendly; its only by-product is oxygen, it eliminates the use of hot water, conventional sanitizers, and virtually all chemical usage. It is extremely effective as a disinfectant at relatively low concentrations. This makes it a much safer product for employees to use than any conventional chemicals. All parties: grower, transporter, retailer and consumer will benefit from PDSC\'s products. We are acting aggressively with an accumulation signal to capitalize on what we believe will be some extremely positive surprises over the very near-term that could send their shares soaring! DO NOT MISS THIS STOCK IN THIS RANGE - BUY IT NOW !! PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC The information provided in this report is intended solely for general knowledge and does not constitute an offer or a solicitation of an offer for the purchase or sale of any shares or other securities There are substantial risks associated with investing in development stage companies. Potential investors should seek advice from a qualified financial dealer prior to investing. A fee of 10,000 USD ( By a Third Party) was paid for the distribution of this report.--4603c3d548dfbea8eabb7a841700a30c Content-Type: text/text; charset=\"us-ascii\" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC Investors Alert Home Run Stock of the Year! Produce Safety and Security International, INC. (OTC:PDSC.PK) Ticker Symbol: PDSC.PK Buy Aggressively Last Trade: +0.093 10d AVG Vol: +1,811,732 Target: +0.67 !! PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC We believe serious news is on the horizon that can blow the lid off this stock like a powder-keg! PDSC is poised to be the standard for the multi-billion dollar food safety industry. Its food sanitation process improves organic and non-organic foods. Billions of American and International consumers will receive quality, non-toxic, fresh fruits vegetables and meats. An estimated 76 million Americans suffer from food-borne illnesses every year, an issue which concerns food producers, processors and retailers. Up over 100% for the past year alone!! Ozone not only protects the Earth, but recently it has been shown to be effective in killing microorganisms because it oxidizes their cell membranes. Ozone is more effective in killing a broader variety of potential pathogens than chlorine, with no negative environmental impact, because it easily and quickly degrades into oxygen. Over 25% to 35% of a grower\'s fresh fruits and vegetables never reach an end-user. In the US alone, discarded food costs are in the billions of dollars. Surprisingly, the US is one of the few GM foods dominated markets, but it needn\'t be. The education curve should swell the demand for PDSC\'s non-toxic food safety methods, as each day more and more people recognize the potential dangers of Genetically modified foods, and conversely the benefits of organic. Record Breaking Volume!!! PDSC safer food & produce solutions utilize Ozone, a gas which has amazing sanitizing qualities that both are effective and economical. It currently markets various ozone-based pathogen and bacteria removing System types - Commercial Ozone, Mobile Whitewater, Industrial Misting, Ozone Air Clean, Wastewater Recycler. PDSC intends to provide a, first ever, full line of food-safe fresh fruits and vegetables through its distribution and service centers owned and operated by Food Safety International, strategically located domestically and internationally as both operating port and land units. Food producers, processors and retailers have additional incentive to utilize PDSC technology. Ozone destroys pathogenic microorganisms that cause spoilage and transmit disease; it extends the shelf life of a product an additional 10 to 60 days, ensuring better quality and reduced shrinkage. Consumers have higher expectations and will force regulators to provide stricter guidelines and regulations food safe products in all food categories. Bio terrorism may be another area addressed by such regulations US FDA officially granted GRAS status to Ozone for use in food-contact applications, in 2001. The process is already being used to purify foods, and LA currently uses ozone to decontaminate its water supply. Ozone is a cost-effective food industry sanitizing agent. Ozone is 51% more powerful on bacterial cell walls and kills bacteria 3100 times faster than chlorine making it the most powerful broad-spectrum microbiological control agent available. It is chemical-free; it produces no toxic by-products. The result is a product that is clean and environment-friendly; its only by-product is oxygen, it eliminates the use of hot water, conventional sanitizers, and virtually all chemical usage. It is extremely effective as a disinfectant at relatively low concentrations. This makes it a much safer product for employees to use than any conventional chemicals. All parties: grower, transporter, retailer and consumer will benefit from PDSC\'s products. We are acting aggressively with an accumulation signal to capitalize on what we believe will be some extremely positive surprises over the very near-term that could send their shares soaring! DO NOT MISS THIS STOCK IN THIS RANGE - BUY IT NOW !! PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC****PDSC The information provided in this report is intended solely for general knowledge and does not constitute an offer or a solicitation of an offer for the purchase or sale of any shares or other securities There are substantial risks associated with investing in development stage companies. Potential investors should seek advice from a qualified financial dealer prior to investing. A fee of 10,000 USD ( By a Third Party) was paid for the distribution of this report. --4603c3d548dfbea8eabb7a841700a30c-- . Fax: [email protected] Telefono: [email protected] Messaggio: [email protected] |
#13
Posted 13 March 2006 - 09:46
|
Cel mai simplu si rapid rezolvi verificand daca oricare din campurile formularului de contact contine una din expresiile: "Content-Type:" si "MIME-Version:". Daca le gasesti, nu mai trimiti nici un mail. Daca nu le gasesti, lasi totul sa decurga normal.
|
#14
Posted 13 March 2006 - 12:47
|
eu am pus o conditie cu $_SERVER['referer'] sa fie pagina interna html si nu externa, am facut o proba, am luat formularul am pus la action="http://..adresa absoluta engine php" si am pus pagina respectiva pe un alt server si mergea sa trimit mailuri la greu...catre adresa la care mergeau datele din formular, totusi nu-mi dau seama cum pot sa se foloseasca de pagina php care elboreaza datele in php (daca in campul functiei mail("[email protected]",$header,$content); ) sa trimita spam catre alte adrese mai departe folosindu-se de scriptul meu php, deci nu vad cum ar putea sa inlocuiasca [email protected] cu orice adresa vor ei asta nu inteleg.
administratorul serverului m-a avertizat ca s-au spamat niste adrese AOL austria etc.. si ca le blocheaza accesul, totusi eu nu-mi dau seama cum poate cineva sa-mi inlocuiasca in scriptul php care este server side, adica poate modifica doar daca are acces la server si nu din pozitie client side..asta nu-mi dau seama...bine eu sunt novice in php dar faza ca trebuie sa ai acces la server ca sa modifici un script php ...o stiu si eu Edited by mindsoul, 13 March 2006 - 12:49. |
#15
Posted 13 March 2006 - 13:46
|
eu am pus o conditie cu $_SERVER['referer'] sa fie pagina interna html si nu externa, am facut o proba, am luat formularul am pus la action="http://..adresa absoluta engine php" si am pus pagina respectiva pe un alt server si mergea sa trimit mailuri la greu...catre adresa la care mergeau datele din formular, totusi nu-mi dau seama cum pot sa se foloseasca de pagina php care elboreaza datele in php (daca in campul functiei mail("[email protected]",$header,$content); ) sa trimita spam catre alte adrese mai departe folosindu-se de scriptul meu php, deci nu vad cum ar putea sa inlocuiasca [email protected] cu orice adresa vor ei asta nu inteleg. administratorul serverului m-a avertizat ca s-au spamat niste adrese AOL austria etc.. si ca le blocheaza accesul, totusi eu nu-mi dau seama cum poate cineva sa-mi inlocuiasca in scriptul php care este server side, adica poate modifica doar daca are acces la server si nu din pozitie client side..asta nu-mi dau seama...bine eu sunt novice in php dar faza ca trebuie sa ai acces la server ca sa modifici un script php ...o stiu si eu Despre verificarea referer-ului...Daca in script-ul php preiei datele din formularul html, acel POST se poate "produce" cu ajutorul librariei cURL (de ex.). Se compun header-ele destul de simplu, printre care si acel referer. Apoi se submit-uie catre script-ul php, care de fapt crede ca datele vin din formularul html. Ma intreb si eu cum a reusit sa modifice adresa de e-mail a destinatarului...doar daca nu ai scapari de securitate in codul tau. In cazul in care consideri ca nu e o problema, ai putea pune codul aici? |
|
#16
Posted 13 March 2006 - 13:58
|
asta-i, tocmai mi-a zis administratorul serverului de faza cu CURL, care nu o inteleg oricum.
<?php $email=$_REQUEST['email']; $nome=$_REQUEST['nome']; $cognome=$_REQUEST['cognome']; $citta=$_REQUEST['citta']; $telefono=$_REQUEST['telefono']; $fax=$_REQUEST['fax']; $messaggio=$_REQUEST['messaggio']; $content="<html><head> <title>sito web</title> <style type=\"text/css\" media=\"screen\"> @import url(http://www.sitoweb.it/stylemail.css); </style> </head> <body><table class=\"formular\"> <tr><td colspan=\"2\"> <a href=\"http://www.sitoweb.it\" title=\"sitoweb Home page\"><img src=\"logo.gif\" alt=\" Logo\" class=\"link\" /></a> </td></tr> <tr><td class=\"formular2\"><b>Nome:</b></td><td class=\"formular2\" >$nome</td></tr> <tr><td class=\"formular\"> <b>Cognome:</b></td><td class=\"formular\" >$cognome</td></tr> <tr><td class=\"formular2\"> <b>Citta:</b></td><td class=\"formular2\" >$citta</td></tr> <tr><td class=\"formular\"> <b>E-mail:</b></td><td class=\"formular\" ><a href=\"mailto:$email\" title=\"Email\">$email</a></td></tr> <tr><td class=\"formular2\"> <b>Fax:</b></td><td class=\"formular2\" >$fax</td></tr> <tr><td class=\"formular\"> <b>Telefono:</b></td><td class=\"formular\" >$telefono</td></tr> <tr><td class=\"formular2\" colspan=\"2\"><b> Messaggio:</b><br><br>$messaggio</td></tr> </table> </body></html>"; $headers = "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; /* additional headers */ $headers .= "To: FIRMA <[email protected]>\r\n"; $headers .= "From:$email\r\n"; $headers .= "Cc: [email protected]\r\n"; $headers .= "Bcc: [email protected]\r\n"; if($email==""||$nome==""||$cognome==""||$citta==""){ include("structura-non-conferma.php"); top(); echo"<div class=\"left\"> <div class=\"text\"><p class=\"text\">The requests matched by the asterisk <span class=\"star\">*</span> are obligatory</p> </div></div>"; bottom(); } else{ $userlink=$_SERVER["HTTP_REFERER"]; if( $userlink=="HTTP://ADRESA-ABSOLUTA-FORMULAR.php"){ mail("[email protected],[email protected]", "Form richiesta informazioni - inglese :SITO www.SITOWEB.it",$content,$headers); include("structura-conferma.php"); top(); $confirmare="<div class=\"left\"> <div class=\"text\"><p class=\"text\">Thank you for visiting us. You will receive an email as quick as possible. </p> </div></div>"; echo $confirmare; bottom(); } else{ include("structura-non-conferma.php"); top(); echo"<div class=\"left\"> <div class=\"text\"><p class=\"text\">The requests matched by the asterisk <span class=\"star\">*</span> are obligatory</p> </div></div>"; bottom(); } } ?> |
#17
Posted 13 March 2006 - 14:11
|
Da, e clara treaba
Nu faci nici o verificare a adresei de e-mail introdusa de cel care completeaza formularul. In loc sa introduca "[email protected]", poate introduce: "[email protected]\r\nbcc: [ si aici urmeaza insiruirea de adrese de mail la care se trimite spam-ul]" Printr-o simpla expresie regulata poti valida adresa de e-mail introdusa...si ai scapat de problema. Oricum, un sfat: niciodata sa nu folosesti datele introduse de un vizitator fara sa faci verificari prealabile! Lumea e rea  HTH |
#18
Posted 13 March 2006 - 14:13
|
Da, e clara treaba Nu faci nici o verificare a adresei de e-mail introdusa de cel care completeaza formularul. In loc sa introduca "[email protected]", poate introduce: "[email protected]\r\nbcc: [ si aici urmeaza insiruirea de adrese de mail la care se trimite spam-ul]" Printr-o simpla expresie regulata poti valida adresa de e-mail introdusa...si ai scapat de problema. Oricum, un sfat: niciodata sa nu folosesti datele introduse de un vizitator fara sa faci verificari prealabile! Lumea e rea HTH |
Anunturi
Bun venit pe Forumul Softpedia!
▶ 1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
-
- Change Theme
- English
- Mark Community Read
- Termene & conditii
- Confidentialitate
- Consimtamant
- Cookies
- Help
© 2001-2024 Softpedia. All rights reserved. Softpedia® and the Softpedia logo are registered trademarks of SoftNews Net SRL.
Ora implicita a Forumului Softpedia este ora standard a Romaniei (GMT+2). Mai multe informatii →
⚠ Postarile afisate pe Forumul Softpedia reprezinta o opinie subiectiva a membrilor care le-au publicat si nu a SoftNews Net SRL.