<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>
myOffice Email Message
</title>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<meta name="date" content="2002-11-01">
<style type="text/css">
</style>
</head>
<body>
<span style=
"color:#FF0000 "><b><span style=
"font-family:MS Sans Serif ">[Reply]</span></b></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#000000 ">Hi John et al,</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#000000 ">I use very much the same type of PHP contact form, and have eliminated all such entries where I only wish to have contacts from NZ. I implemented a very simple test of whether the remote address (IP number) is from New Zealand. BTW, I have tried simple Captcha-style mechanisms, but they were not totally successful in stopping these false contacts.</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#000000 ">Check out:</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#000000 ">http://www.phptutorial.info/iptocountry/the_script.html</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#000000 ">My code that processes the request from the contact form then uses curl to access my IP2Country system and, if the request is not from NZ, sends it to the ether. Well, there is a message too, just to be polite.</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#000000 ">My server is Linux and I run a Cron process every night to update the IP2Country lookup tables. </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#000000 ">HTH</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#000000 ">Gary</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#FF0000 "><b>At 23:19 on 19/03/2014 you wrote </b></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>It's probably from a spam bot. </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Don't forget that data validation needs to happen client side and server side. Server side because if a user has JavaScript disabled it wouldn't be validated, and also, there is nothing really stopping a bot from posting data directly without even requesting the page. </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>The usual ways to cut down on bots posting include Captcha, using Cookies/Sessions with CSRF tokens to make sure only someone who requested the page can actually post, checking the content with Akismet/Defensio/etc. for spam content, and so on. </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>PS: It's one of the reasons why I am not big on PHP. In PHP you kind of have to implement and handle this kind of security checking in every single form you do, and if you forget something somewhere then your website is at risk of getting abused/hacked. The asp.net framework does handle all of these basics for you out of the box. I feel very confident my websites will hold up much better to attacks than anything written in PHP. Don't get me wrong, I am not suggesting you ditch PHP just for your simple contact form, that would be overkill - just proof your PHP script better! But if you ever plan on doing something a bit bigger and more complex with multiple input forms then I seriously suggest you think twice before using PHP.</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Kind regards,</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Stefan Mueller,</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>R&D Manager</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>ORCL Toolbox Ltd. </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Auckland, New Zealand </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>From: delphi-bounces@listserver.123.net.nz [mailto:delphi-bounces@listserver.123.net.nz] On Behalf Of David O'Brien</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Sent: Wednesday, 19 March 2014 8:19 p.m.</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>To: NZ Borland Developers Group - Delphi List</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Subject: Re: [DUG] Contact form page</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Possibly a Unicode or language problem?</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Sent from my Windows Phone</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> _____ </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>From: John C &lt;mailto:jc@sunshinesoftware.co.nz&gt; </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Sent: 19/03/2014 8:16 p.m.</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>To: NZ Borland Developers Group - Delphi List &lt;mailto:delphi@delphi.org.nz&gt; </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Subject: [DUG] Contact form page</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Hi all</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>I have this website with a contact page (in PHP & HTML) where any person can submit a request with their contact details, which is emailed to me after clicking a submit button.</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>All works fine; however, now and then I receive an email from this website/page where the details don't seem to have been filled in at "page level" but in another way. I say this because the page does a submit validation check and the submitted phone number is e.g. " LbXwjLfDDTFkIuBkPP ", something my validator doesn't allow. </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Also other details are like:</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Name: Bjmpynut</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Organisation: ahTKXyxtYnCdo</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Position: Bjmpynut</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Phone: LbXwjLfDDTFkIuBkPP</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Email: gipnpmhk@uohrokgr.com</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>All looks very suspicious. Any clues how this could happen at all and how to prevent this?</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>The webpage in question is at http://www.relacs.co.nz/ContactUs.php</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>The email creator resides in the post process of the page like:</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> if($_POST['Submit']=="Submit")</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> {</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $Name = $_POST['InputName'];</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $Email = $_POST['InputEmail'];</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $Phone =$_POST['InputPhone'];</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $Company = $_POST['InputCompany'];</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $Position = $_POST['InputPosition'];</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $Subject = $_POST['Subject'];</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $Comment = $_POST['InputComment'];</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $body = "Name: $Name\n\n";</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $body.= "Company: $Company\n\n";</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $body.= "Position: $Position\n\n";</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $body.= "Phone: $Phone\n\n";</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $body.= "Email: $Email\n\n";</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $body.= "Subject: $Subject\n\n";</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $body.= "Comment: $Comment";</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $Receiver = "info@relacs.co.nz" ;</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $send = mail($Receiver, "Feedback website - RELACS", $body, "From: $Email");</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> $Msg = "Thank you $Name for your feedback. We will get back to you ASAP";</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> }</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Thanks for any help and/or suggestions.</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">> </span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>John Ch</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">></span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>_______________________________________________</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>NZ Borland Developers Group - Delphi mailing list</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Post: delphi@listserver.123.net.nz</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Admin: http://delphi.org.nz/mailman/listinfo/delphi</span></span>
<p>
<span style=
"font-family:MS Sans Serif "><span style=
"color:#008000 ">>Unsubscribe: send an email to delphi-request@listserver.123.net.nz with Subject: unsubscribe</span></span><p>
<font face=arial size = 1 color = Navy><font color=gray face = "helvetica,verdana,arial" size = 1><br>
<font size=2 color="black">Gary Benner </font>MNZCS ITCP<br>
Information Technology Certified Professional <br>
<a HREF="http://www.onlearn.co.nz" style="text-decoration:none; color:blue">Onlearn Limited</a> - Online Learning Hosting & Support, Training & Content Development<br>
<a HREF="http://www.123.net.nz" style="text-decoration:none; color:blue">123 Internet Limited</a> - Managed Web Hosting, Virtualisation, High Availability Systems & Cluster Technologies<br>
<a HREF="http://www.semantic.co.nz" style="text-decoration:none; color:teal">Semantic Limited</a> - Software Development & Systems Design, Online Education, e-Commerce<br>
<a HREF="http://www.diwa.co.nz" style="text-decoration:none; color:teal">Disaster Warning Systems Limited</a> - Public Emergency Warning and Communication Systems<br>
<b>Mob:</b> 021 966 992<br>
<b>DDI:</b> +64 7 543 1206<br>
<b>Email:</b> <a href="mailto:gary@benner.co.nz" >gary@benner.co.nz</a><br>
<b>Skype:</b> garybenner<br>
</font><br>
<br>
Ref#: 41006<br>
<br>
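<p>
Added example, not code from any participant in this thread: the server-side validation and session CSRF token check suggested in the quoted reply, applied to the field names of the quoted contact script. The <code>csrf_token</code> field, the function names and the sample inputs are assumptions constructed for this example.

```php
<?php
declare(strict_types=1);

// Added example. Field names follow the quoted script; 'csrf_token' and the
// function names are assumptions. In the real page pass $_POST and $_SESSION
// (after session_start()) instead of the constructed arrays at the bottom.

function issue_form_token(array &$session): string
{
    // Called when the form is rendered; the value goes into a hidden input.
    $session['csrf_token'] = bin2hex(random_bytes(32));
    return $session['csrf_token'];
}

function field(array $post, string $key): string
{
    // Non-string input (e.g. InputName[]=x) is treated as empty.
    $value = $post[$key] ?? '';
    return is_string($value) ? trim($value) : '';
}

function validate_contact_post(array $post, array $session): array
{
    $errors = [];

    // Only a client that requested the page holds this session's token.
    $expected = $session['csrf_token'] ?? '';
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($expected) || $expected === ''
        || !is_string($sent) || !hash_equals($expected, $sent)) {
        $errors[] = 'token';
    }
    // Same rules as the browser-side validator, repeated where a direct
    // POST cannot skip them.
    if (!preg_match('/^\p{L}[\p{L} .\'-]{0,99}$/u', field($post, 'InputName'))) {
        $errors[] = 'name';
    }
    if (!preg_match('/^\+?[0-9][0-9 ()-]{5,19}$/', field($post, 'InputPhone'))) {
        $errors[] = 'phone';
    }
    // The address ends up in the From: header, so it must be one valid
    // address with no line breaks.
    $email = field($post, 'InputEmail');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || preg_match('/[\r\n]/', $email)) {
        $errors[] = 'email';
    }
    $comment = field($post, 'InputComment');
    if ($comment === '' || strlen($comment) > 5000) {
        $errors[] = 'comment';
    }
    return $errors; // empty array: safe to build $body and call mail()
}

// Constructed input: the bot submission quoted in the thread, posted directly.
$session = [];
$token = issue_form_token($session);
$bot = ['Submit' => 'Submit', 'InputName' => 'Bjmpynut', 'InputPhone' => 'LbXwjLfDDTFkIuBkPP',
        'InputEmail' => 'gipnpmhk@uohrokgr.com', 'InputComment' => 'x'];
echo 'bot:   ', implode(',', validate_contact_post($bot, $session)), PHP_EOL;

// Constructed input: a visitor who loaded the form and filled it in.
$visitor = ['csrf_token' => $token, 'InputName' => 'Jane Doe', 'InputPhone' => '+64 9 555 0100',
            'InputEmail' => 'jane@example.org', 'InputComment' => 'Please call me back.'];
echo 'human: ', implode(',', validate_contact_post($visitor, $session)) ?: 'ok', PHP_EOL;
```

<p>
The handler would call <code>mail()</code> only when the returned array is empty, and issue a fresh token each time the form is rendered.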
</body>
</html>