Larry Ullman's Book Forums

Spam scrubber misses backslashed 'n's and 'r's



Hi there

I hope you are well, Larry.

 

I decided to re-visit my 'Contact us' page and review the spamscrubber.  I was having trouble getting the spamscrubber to fish out the '\n's and '\r's to the extent that I changed the blank spaces to letters:

 

function spam_scrubber($value) 
    {
    //Create spam scrubber array..............
    $very_bad = array('to:' , 'cc:' , 'bcc:' , 'content-type:' , 'mime-version' , 'multipart-mixed' , 'content-transfer-encoding:');
    //For loop comparing email text to bad words.......
    foreach ($very_bad as $v)
        {
        //Look for bad word using stripos (case-insensitive).  It returns the match position if found, or false if not......
        if (stripos($value, $v) !== false)
            {
            return 'AA';
            }
        }
        
    $value = str_replace(array( "\r" , "\n" , "%0a" , "%0d"), 'BB' , $value);
    echo $value;
    return trim($value);
    }
 

which made it easier to see what was going on.  Thus my enquiry that included some '\n's and '\r's went through the email system WITH the '\n's and '\r's.  So I then changed the code to (in red):

function spam_scrubber($value) 
    {
    //Create spam scrubber array..............
    $very_bad = array('to:' , 'cc:' , 'bcc:' , 'content-type:' , 'mime-version' , 'multipart-mixed' , 'content-transfer-encoding:');
    //For loop comparing email text to bad words.......
    foreach ($very_bad as $v)
        {
        //Look for bad word using stripos (case-insensitive).  It returns the match position if found, or false if not......
        if (stripos($value, $v) !== false)
            {
            return 'AA';
            }
        }
        
    $value = str_replace(array("\\r" , "\\n" , "%0a" , "%0d"), 'BB' , $value);
  
    return trim($value);
    }

 

and it works just fine.  Thought I should let you know.

 

Regards

 

Max
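
The two versions of the scrubber above match different things: in a double-quoted PHP string "\r" is the single carriage-return byte, while "\\r" is the two characters backslash and r. The following is an added example, not part of the original post or the book's code, that compares both searches against a combined check; the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example; names are hypothetical, sample inputs are constructed.

// Single-quoted so PCRE, not PHP, interprets the escapes:
//   [\r\n]    the real CR and LF bytes
//   %0[ad]    their URL-encoded forms (the /i flag also covers %0A and %0D)
//   \\\\[rn]  a literal backslash followed by r or n, as typed into a form
const LINE_BREAK_PATTERN = '/[\r\n]|%0[ad]|\\\\[rn]/i';

// For message-body text: replace every line-break spelling with a space.
function strip_line_breaks(string $value): string
{
    return trim(preg_replace(LINE_BREAK_PATTERN, ' ', $value) ?? '');
}

// For values that end up in mail headers (name, email, subject):
// report whether any line-break spelling is present so the caller can reject.
function is_header_safe(string $value): bool
{
    return preg_match(LINE_BREAK_PATTERN, $value) === 0;
}

$samples = [
    'real CR/LF bytes'  => "first line\r\nsecond line",
    'literal \r\n text' => 'first line\r\nsecond line',
    'URL-encoded'       => 'first line%0D%0Asecond line',
];

foreach ($samples as $label => $raw) {
    // Search lists as in the two scrubber versions; str_replace is
    // case-sensitive, so "%0a" does not match "%0A".
    $bytes_only   = str_replace(["\r", "\n", "%0a", "%0d"], ' ', $raw);
    $literal_only = str_replace(["\\r", "\\n", "%0a", "%0d"], ' ', $raw);

    printf(
        "%-18s bytes-only:%-6s literal-only:%-6s combined:%-6s\n",
        $label,
        is_header_safe($bytes_only) ? 'clean' : 'MISS',
        is_header_safe($literal_only) ? 'clean' : 'MISS',
        is_header_safe(strip_line_breaks($raw)) ? 'clean' : 'MISS'
    );
}
```

Run it with `php` on the command line; each row shows which spellings of a line break survive each search list.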


I have also changed the criteria so:

 

$very_bad = array('to:' , 'cc:', 'bcc:', 'content-type:', 'mime-version', 'multipart-mixed', 'content-transfer-encoding:', 'sex', 'bitcoin', 'resource', '$', 'city', 'money', 'traffic', 'GetaBusinessLoan', 'bitcoin', 'ProFunding', 'BusinessLoan', 'einfac');

 

which has cut down the deluge of spam that I used to get.


...and I am killing off any emails in the first category as I don't want to receive them anyway....

$very_bad = array('to:' , 'cc:', 'bcc:', 'content-type:', 'mime-version', 'multipart-mixed', 'content-transfer-encoding:', 'sex', 'bitcoin', 'resource', '$', 'city', 'money', 'traffic', 'GetaBusinessLoan', 'bitcoin', 'ProFunding', 'BusinessLoan', 'einfac');
    foreach ($very_bad as $v)
        {
        if (stripos($value, $v) !== false)
            {
            die();
            }
        }

I don't know if that is bad programming practice to kill a program in mid-flow (like the dreaded BASIC GOTO command), but it does work!

Edited by Max
Spelling