美好的一天大师。我正在寻求帮助来增加我正在使用的旧的告诉朋友PHP脚本的垃圾邮件安全性。上周它是垃圾邮件机器人的受害者,在不到一分钟的时间内使用它就像在服务器上超载了60次。我的问题是,如何以最简单或最简单的方式修改它,可能是保存IP或使用cookie,不确定,以便相同的用户不能在不到一分钟的时间内使用它超过3次,或者如果你有更好的建议,那将非常受欢迎;]
这是加载脚本的HTML页面:( HTML也已过时,我正在处理它)
<html>
<head>
<title>Tell a Friend</title>
<meta name="robots" content="noindex, nofollow" />
<script language="javascript">
function reset() {
document.tellafriend.name.value="";
document.tellafriend.email.value="";
document.tellafriend.fmail1.value="";
document.tellafriend.fmail2.value="";
document.tellafriend.fmail3.value="";
}
function validate() {
if (document.tellafriend.fmail1.value.length==0) {
alert("Oops! you'll need to enter a friend's email address");
return false;
}
if (document.tellafriend.email.value.length==0) {
alert("Oops! you forget to enter your email address");
return false;
}
if (document.tellafriend.name.value.length==0) {
alert("Oops! you forgot to enter your name");
return false;
}
document.tellafriend.submit()
return true;
}
</script>
</head>
<body onLoad="reset()">
<table>
<tr>
<td>
<span>Complete the details below to send this link to a friend:</span>
<? $refurl = $_SERVER['HTTP_REFERER']; ?>
<span><? print $refurl;?></span>
<form name="tellafriend" action="tellafriend.php" method="post" onSubmit="return checkfields()">
<table>
<tr>
<td> Your name*:</td>
<td>
<input name="name" size="30" maxlength="45">
</td>
</tr>
<tr>
<td>Your email*:</td>
<td>
<input name="email" size="30" maxlength="45">
</td>
</tr>
<tr>
<td colspan="2">
<p align="center">Enter your friend's email addresses:</p>
</td>
</tr>
<tr>
<td>Email 1*:</td>
<td>
<input name="fmail1" class="bordesolid1" size="30" maxlength="50">
</td>
</tr>
<tr>
<td>Email 2*:</td>
<td>
<input name="fmail2" size="30" maxlength="50">
</td>
</tr>
<tr>
<td>Email 3*:</td>
<td>
<input name="fmail3" size="30" maxlength="50">
</td>
</tr>
<tr>
<td colspan="2">
<p align="center">
<span>This message will contain your name & email address.</span><br>
<input onclick="validate();" type="button" value="click once to send">
<input type=hidden name=refurl value="<? print $refurl;?>">
</td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</body>
</html>
这是PHP脚本(tellafriend.php):
<?php
if(count($_POST)) {
foreach(array('fmail1','fmail2','fmail3','email','name') as $key) $_POST[$key] = strip_tags($_POST[$key]);
if(!is_secure($_POST)) {
die("Peace People! Stop Spamming!");
}
$emailto = "admin@domain.com";
$esubject = "Recommendation form submission";
$emailtext = "$_POST[name] has used your recommendation form using an email address of $_POST[email].
The people the recommendation has been submitted to are:
$_POST[fmail1]
$_POST[fmail2]
$_POST[fmail3]
The page recommended:
$_POST[refurl]";
@mail("$emailto", $esubject, $emailtext, "From: $_POST[email]");
$thankyoupage = "thankyou.htm";
$tsubject = "A web page recommendation from $_POST[name]";
$ttext = "Hi, $_POST[name], whose email address is $_POST[email] thought you may be interested in this web page.
$_POST[refurl];
@mail("$_POST[fmail1],$_POST[fmail2],$_POST[fmail3]", $tsubject, $ttext, "FROM: $_POST[email]");
header("Location: $thankyoupage");
exit;
}
function is_secure($ar) {
$reg = "/(Content-Type|Bcc|MIME-Version|Content-Transfer-Encoding)/i";
if(!is_array($ar)) {
return preg_match($reg,$ar);
}
$incoming = array_values_recursive($ar);
foreach($incoming as $k=>$v) if(preg_match($reg,$v)) return false;
return true;
}
function array_values_recursive($array) {
$arrayValues = array();
foreach ($array as $key=>$value) {
if (is_scalar($value) || is_resource($value)) {
$arrayValues[] = $value;
$arrayValues[] = $key;
}
elseif (is_array($value)) {
$arrayValues[] = $key;
$arrayValues = array_merge($arrayValues, array_values_recursive($value));
}
}
return $arrayValues;
}
?>
答案 0 :(得分:0)
我会说1)你应该验证电子邮件地址(发件人和收件人)是否有效(有足够的正则表达可以检查) - 到目前为止还没有防弹,但这是一个步骤。
2)简单阈值:创建一个数据库表,跟踪发件人的IP地址和提交推荐电子邮件请求的日期。在批准请求之前,检查表中没有X行,在最后Y分钟内使用相同的IP
3)添加验证码以验证发件人是否为人(需要更多的垃圾邮件)
更复杂的解决方案需要跟踪和分析垃圾邮件发送者的模式:许多不同的IP地址,可能来自您可以阻止的某些国家/地区?许多发件人的类似电子邮件地址?等