Anti-spam mail function

Help
2006-12-15
2013-04-22
  • Ludovic Drolez
    2006-12-15

    Hi!

    While I was reading Mythread's source code, I found in the old historical code that someone could send spam using the 'suggest a new category' form.
    To stop all spam attempts, edit lib_main.php3 and replace the old mymail() function with this one:

    ====
    function mymail($to, $sub, $text, $from)
    {
      $sub = substr(urldecode($sub), 0, 80);
      $to = urldecode($to);
      $from = urldecode($from);
      $text = urldecode($text);

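      # forbidden characters: '%' (leftover URL encoding), LF and CR (header separators)
      # no '*' quantifier: "/[%\n\r]*/" also matches the empty string, so every subject would be rejected
      $re = "/[%\n\r]/";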

      if (preg_match($re, $sub)) {
        die("No spam here !");
      }
     
      #$sub = preg_replace($re, "", $sub);
      $to = preg_replace($re, "", $to);
      $from = preg_replace($re, "", $from);

      if (function_exists ("email")) {
        # email function found : we are running on online.fr's servers
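        # keep only the local part of the address; preg_match() replaces ereg(), which was removed in PHP 7
        preg_match("/^[^@]+/", $from, $newfrom);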
        $ret = email($newfrom[0], $to, $sub, $text);   
      } else {
        $ret = mail($to, $sub, $text, "From: $from \r\n");
      }

      return $ret;
    }
    =====

    Of course this fix will be integrated in the next 1.1.x release soon. (I don't know if it should be added in the 1.0.x releases... since there's no Captcha in 1.0.x, it's already a spam nightmare! So use 1.1.x to avoid spam).

    Cheers,

      Ludo.
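
An added example, not part of the original post and not mythreads code: the same CR/LF/`%` check as above, written as a reject-only validator and run over constructed form values. The helper names `safe_header_value()` and `check_mail_fields()` and all sample inputs are assumptions made for illustration.

```php
<?php
// Added example; helper names and sample inputs are constructed, not from mythreads.

// Return the value if it is safe to place on one mail header line, else null.
function safe_header_value(string $raw, int $maxlen = 80): ?string
{
    // Decode once, as mymail() does, so %0D%0A is seen as CR LF.
    $value = urldecode($raw);
    // Control characters (CR, LF, NUL, ...) would terminate or corrupt the header line.
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return null;
    }
    // A '%' left after decoding means another encoding layer (e.g. %250D): reject it.
    if (strpos($value, '%') !== false) {
        return null;
    }
    return substr($value, 0, $maxlen);
}

// Validate every field before any of them reaches mail(); reject instead of stripping.
function check_mail_fields(array $fields): array
{
    $clean = [];
    foreach ($fields as $name => $raw) {
        $value = safe_header_value($raw);
        $isAddress = ($name === 'to' || $name === 'from');
        if ($value === null
            || ($isAddress && filter_var($value, FILTER_VALIDATE_EMAIL) === false)) {
            return ['ok' => false, 'rejected' => $name];
        }
        $clean[$name] = $value;
    }
    return ['ok' => true, 'fields' => $clean];
}

// Constructed inputs: one normal submission and three that carry a line break.
$base = ['to' => 'admin@example.org', 'from' => 'user@example.com'];
$samples = [
    'plain'          => $base + ['sub' => 'New category: Gardening'],
    'raw CRLF'       => $base + ['sub' => "Hello\r\nX-Injected: 1"],
    'encoded CRLF'   => $base + ['sub' => 'Hello%0D%0AX-Injected: 1'],
    'double encoded' => $base + ['sub' => 'Hello%250D%250AX-Injected: 1'],
    'CRLF in from'   => ['from' => "user@example.com\r\nX-Injected: 1"] + $base,
];
foreach ($samples as $label => $fields) {
    $r = check_mail_fields($fields);
    printf("%-15s %s\n", $label, $r['ok'] ? 'accepted' : "rejected ({$r['rejected']})");
}
```

Unlike the posted function, which strips the forbidden characters from `$to` and `$from`, this sketch rejects the whole submission when any field fails.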

     
    • C
      2006-12-15

      Greetings,

      Just to clarify, the mythreads 1.1.1 beta, released back on 2006-06-30, has the vulnerability and should be modified with this new code?

      RootsMan

       
      • Ludovic Drolez
        2006-12-16

        Yes! If your site is under attack, you'll receive a lot of 'mail delivery failures' in your admin email account.