Frequently Asked Questions
Lately, it happens more often that there is abuse of standard contact forms. An example:
A contact consists of the fields:
Name (1 line)
Email address (1 line)
Subject (1 line)
Message (multiline).
The "Subject" field will appear in the subject. An example of a PHP command to send mail from this form may look like this:
mail ("info@mywebsite.com", $subject, $message);
The headers of this email will then look like this:
With spam form injection the subject is introduced as follows:
subject=This is the subject \nbcc: test@test.com
The headers will then look like this:
This email is then sent not only to info@mywebsite.com but also to test@test.com and possibly multiple addresses entered.
We would therefore ask everyone to make sure to protect their contact form. A good plan to use this counter is to check the characters \n and \r when the field should not consist of more than one line.
Example:
$subject = str_replace ("\r\n ','', $_POST ['subject']);
A contact consists of the fields:
The "Subject" field will appear in the subject. An example of a PHP command to send mail from this form may look like this:
mail ("info@mywebsite.com", $subject, $message);
The headers of this email will then look like this:
To: info@mywebsite.com
Subject: $subject
With spam form injection the subject is introduced as follows:
subject=This is the subject \nbcc: test@test.com
The headers will then look like this:
To: info@mywebsite.com
Subject: This is the subject
bcc: test@test.com
This email is then sent not only to info@mywebsite.com but also to test@test.com and possibly multiple addresses entered.
We would therefore ask everyone to make sure to protect their contact form. A good plan to use this counter is to check the characters \n and \r when the field should not consist of more than one line.
Example:
$subject = str_replace ("\r\n ','', $_POST ['subject']);
Because in many standard scripts (eg. Joomla) exploits are possible where external code can be executed to cause damage, we have decided to disallow to open files from other Web sites from PHP. This applies to the following commands:
fopen
include
requirement
include_once
require_once
file
Of course there are plenty of reasons your website might need to load files from external webservers. If your web site also requires this,
Of course there are plenty of reasons your website might need to load files from external webservers. If your web site also requires this,
We don't support ASP.
Many people load pages by using a template and load it to a file.
EG: index.php page = voorpagina.php?
The file "voorpagina.php" is then loaded through an include.
Do not do this! By filling in: index.php?page=http: //www.test.com/phpcode.php can allow the user to perform remote code through your script, this is very dangerous!
It is better to work with a header and footer, but if this is not appropriate, it is better to check if the file is on the current server, for example to see if there is a ":" in the $page variable.
EG: index.php page = voorpagina.php?
The file "voorpagina.php" is then loaded through an include.
Do not do this! By filling in: index.php?page=http: //www.test.com/phpcode.php can allow the user to perform remote code through your script, this is very dangerous!
It is better to work with a header and footer, but if this is not appropriate, it is better to check if the file is on the current server, for example to see if there is a ":" in the $page variable.
If you allow visitors to upload files, you must make sure that no malicious PHP and other code can be uploaded.
Therefore, check the file extension of the file that is uploaded, so for example .php is not possible!
Therefore, check the file extension of the file that is uploaded, so for example .php is not possible!
About us
Since 2004 TotallyHosted provides excellent web hosting to individuals and businesses. We provide reliable, fast web hosting at an affordable price.
Dutch Chamber of Commerce: 77650093
Payment methods
Contact
TotallyHosted
Keurenplein 41 – Box E9500
1069CD Amsterdam, Netherlands
+31 (0) 36 523 2266
info@totallyhosted.nl
https://www.totallyhosted.nl
Keurenplein 41 – Box E9500
1069CD Amsterdam, Netherlands
+31 (0) 36 523 2266
info@totallyhosted.nl
https://www.totallyhosted.nl
2004-2024 © TotallyHosted. Terms and conditions | Privacy Statement | Sitemap | Abuse report
All prices are excluding VAT.