我的网站联系表被用来发送欺骗性电子邮件
my website contact form being used to send spoof emails
我的托管服务提供商联系了我,说我设计的其中一个网站正在发送欺骗性电子邮件。做了一些研究,但我仍然不太明白 how/what 他们是在发送这些欺骗性电子邮件。然而,更重要的是,我应该如何处理这个问题,如果我尝试将这些 'captcha' 中的一个放在联系表格上,或者我是否应该更改我网站上的代码,会有帮助吗?如下所示:
<?php
$EmailFrom = Trim(stripslashes($_POST['EmailFrom']));
$EmailTo = "***";
$Subject = "Message to A R C Products";
$Name = Trim(stripslashes($_POST['Name']));
$Address = Trim(stripslashes($_POST['Address']));
$Telephone = Trim(stripslashes($_POST['Telephone']));
$Message = Trim(stripslashes($_POST['Message']));
// prepare email body text
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$Message = "
Name:$Name
Address: $Address
Telephone: $Telephone
$Message";
// send email
$success = mail($EmailTo, $Subject, $Message, $headers);
// redirect to success page
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=ok.html\">";
}
else{
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.html\">";
}
?>
<h2><strong>Contact Us</strong></h2>
<form method="POST" action="contact.php">
<br/>
<p style="margin-top: 0;">Fields marked (*) are required</p>
<p style="margin-top: 0;">Your Email:* <br/>
<input type="text" name="EmailFrom">
<p style="margin-top: 0;">Name:* <br/>
<input type="text" name="Name">
<p style="margin-top: 0;">Address:<br/>
<input type="text" name="Address">
<p style="margin-top: 0;">Telephone:<br/>
<input type="text" name="Telephone">
<p style="margin-top: 0;">Message:*<br/>
<TEXTAREA NAME="Message" ROWS=6 COLS=40>
</TEXTAREA>
<p style="margin-top: 0;"><input type="submit" name="submit" value="Submit">
</form>
查看 filter_input 以清理您的输入数据。我也不会使用表单中的电子邮件作为发件人地址。
$EmailFrom = filter_input(INPUT_POST,'EmailFrom', FILTER_SANITIZE_EMAIL);
我的托管服务提供商联系了我,说我设计的其中一个网站正在发送欺骗性电子邮件。做了一些研究,但我仍然不太明白 how/what 他们是在发送这些欺骗性电子邮件。然而,更重要的是,我应该如何处理这个问题,如果我尝试将这些 'captcha' 中的一个放在联系表格上,或者我是否应该更改我网站上的代码,会有帮助吗?如下所示:
<?php
$EmailFrom = Trim(stripslashes($_POST['EmailFrom']));
$EmailTo = "***";
$Subject = "Message to A R C Products";
$Name = Trim(stripslashes($_POST['Name']));
$Address = Trim(stripslashes($_POST['Address']));
$Telephone = Trim(stripslashes($_POST['Telephone']));
$Message = Trim(stripslashes($_POST['Message']));
// prepare email body text
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$Message = "
Name:$Name
Address: $Address
Telephone: $Telephone
$Message";
// send email
$success = mail($EmailTo, $Subject, $Message, $headers);
// redirect to success page
if ($success){
print "<meta http-equiv=\"refresh\" content=\"0;URL=ok.html\">";
}
else{
print "<meta http-equiv=\"refresh\" content=\"0;URL=error.html\">";
}
?>
<h2><strong>Contact Us</strong></h2>
<form method="POST" action="contact.php">
<br/>
<p style="margin-top: 0;">Fields marked (*) are required</p>
<p style="margin-top: 0;">Your Email:* <br/>
<input type="text" name="EmailFrom">
<p style="margin-top: 0;">Name:* <br/>
<input type="text" name="Name">
<p style="margin-top: 0;">Address:<br/>
<input type="text" name="Address">
<p style="margin-top: 0;">Telephone:<br/>
<input type="text" name="Telephone">
<p style="margin-top: 0;">Message:*<br/>
<TEXTAREA NAME="Message" ROWS=6 COLS=40>
</TEXTAREA>
<p style="margin-top: 0;"><input type="submit" name="submit" value="Submit">
</form>
查看 filter_input 以清理您的输入数据。我也不会使用表单中的电子邮件作为发件人地址。
$EmailFrom = filter_input(INPUT_POST,'EmailFrom', FILTER_SANITIZE_EMAIL);