今天有人联系我说从某个域发送了大量垃圾邮件。这是一个相对简单的 php 网站,带有包含姓名、电子邮件、电话和消息的联系表格。除非整个服务器被黑客入侵,否则我看不到该站点可用于向多个用户发送垃圾邮件的任何其他方式。
电子邮件经过验证,并从邮件正文中删除错误字符。我尝试了多种方法来尝试通过表单修改标题,但似乎无法获得任何工作,因此我开始认为表单是安全的。
这是表单验证:
$to='owner@website.com';
$messageSubject='Enquiry from the website';
$confirmationSubject='Your email to website.com';
$confirmationBody="Thankyou for your recent email enquiry to website.com.\n\nYour email has been sent and we will get back to you as soon as possible.\n\nThe message you sent was:\n";
$email='';
$body='';
$displayForm=true;
if ($_POST){
$email=stripslashes($_POST['email']);
$body=stripslashes($_POST['body']);
$name=stripslashes($_POST['name']);
$phone=stripslashes($_POST['phone']);
// validate e-mail address
$valid=eregi('^([0-9a-z]+[-._+&])*[0-9a-z]+@([-0-9a-z]+[.])+[a-z]{2,6}$',$email);
$crack=eregi("(\r|\n)(to:|from:|cc:|bcc:)",$body);
$spam=eregi("http",$body);
$businessBody = "Enquiry from: $name\nEmail: $email\nPhone: $phone\n\nMessage:\n$body";
if ($email && $body && $phone && $name && $valid && !$crack & !$spam){
if (mail($to,$messageSubject,$businessBody,'From: …