Jump to content
Larry Ullman's Book Forums

Spam scrubber misses backslashed 'n's and 'r's


Recommended Posts

Hi there

I hope you are well, Larry.

 

I decided to re-visit my 'Contact us' page and review the spamscrubber.  I was having trouble getting the spamscrubber to fish out the '\n's and '\r's to the extent that I changed the blank spaces to letters:

 

function spam_scrubber($value) 
    {
    //Create spam scrubber array..............
    $very_bad = array('to:' , 'cc:' , 'bcc:' , 'content-type:' , 'mime-version' , 'multipart-mixed' , 'content-transfer-encoding:');
    //For loop comparing email text to bad words.......
    foreach ($very_bad as $v)
        {
        //Look for bad word using stripos to ID the characters in the string.  It will return a blank if found......
        if (stripos($value, $v) !== false)
            {
            return 'AA';
            }
        }
        
    $value = str_replace(array( "\r" , "\n" , "%0a" , "%0d"), 'BB' , $value);
    echo $value;
    return trim($value);
    }
 

which made it easier to see what was going on.  Thus my enquiry that included some '\n's and '\r's went through the email system WITH the '\n's and '\r's.  So I then changed the code to (in red):

function spam_scrubber($value) 
    {
    //Create spam scrubber array..............
    $very_bad = array('to:' , 'cc:' , 'bcc:' , 'content-type:' , 'mime-version' , 'multipart-mixed' , 'content-transfer-encoding:');
    //For loop comparing email text to bad words.......
    foreach ($very_bad as $v)
        {
        //Look for bad word using stripos to ID the characters in the string.  It will return a blank if found......
        if (stripos($value, $v) !== false)
            {
            return 'AA';
            }
        }
        
    $value = str_replace(array(
"\\r" , "\\n" , "%0a" , "%0d"), 'BB' , $value);
  
    return trim($value);
    }

 

and it works just fine.  Thought I should let you know.

 

Regards

 

Max

Link to comment
Share on other sites

I have also changed the criteria so:

 

$very_bad = array('to:' , 'cc:', 'bcc:', 'content-type:', 'mime-version', 'multipart-mixed', 'content-transfer-encoding:', 'sex', 'bitcoin', 'resource', '$', 'city', 'money', 'traffic', 'GetaBusinessLoan', 'bitcoin', 'ProFunding', 'BusinessLoan', 'einfac');

 

which has cut downthe deluge of spam that I used to get.

Link to comment
Share on other sites

...and I am killing off any emails in the first category as I don't want to receive them anyway....

$very_bad = array('to:' , 'cc:', 'bcc:', 'content-type:', 'mime-version', 'multipart-mixed', 'content-transfer-encoding:', 'sex', 'bitcoin', 'resource', '$', 'city', 'money', 'traffic', 'GetaBusinessLoan', 'bitcoin', 'ProFunding', 'BusinessLoan', 'einfac');
    foreach ($very_bad as $v)
        {
        if (stripos($value, $v) !== false)
            {
            die();
            }
        }

I don't know it that is bad programming practice to kill a program in mid-flow (like the dreaded BASIC GOTO command), but it does work!

Edited by Max
Spelling
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...