tutorial

Webform spam again - stop injecting

Non-medical injections are rarely a good idea; even when they're fun. This general life-rule is upheld in the domain of email headers too. Nefarious webform spammers are now abusing forms to not only (or necessarily) annoy the webmaster concerned, but rather use them to transmit email elsewhere. The Poorhouse imagines this will only increase as more and more people realise the need to lock down their mail servers from being an open relay and hence spammers need turn elsewhere to continue their evil.

The technique discussed here is known as email header injection as it consists of the spam-menace adding extra headers to the email that your webform will send to make it behave in ways that it really shouldn't; the obvious candidate being to send the form's "feedback" to a million innocent recipients rather than the single person that the webform designer had in mind.

Cut down on webform spam

Spam...the curse of the modern webmaster - and everyone else. Long gone are the days when replacing any email addresses on your website with lovely looking contact forms would prevent spam. Now the Evil Empire of email abusers have invented ways of clicking the "send" button a million times, and worse.

So how to reduce the onslaught? It's not hard to write code that says "don't send a message", but the problem is differentiating between messages that should be sent and those that shouldn't.

If the spam isn't out of hand, one idea is to try and analyse the patterns of the spam you are getting via your webforms. To do this, there are several "server variables" you can play with. These include things like what web browser your potentially nefarious site visitor is using, what their IP address is and what webpage sent them to the current page. Sadly for this application, most of this info can be faked or not given out by especially evil and/or privacy concerned people, but it may help stem the flow nonetheless.

Griddled to perfection

Want to replicate your finest-but-complexist tabular data on the web? You'll no doubt want a grid provide visual clarity. Seeing as it's the year 2010(ish) of course CSS is the way to go. But when the Poorhouse wanted such an effect, it wasn't quite so obvious how to achieve. In an effort to spare the highs and lows of the technique for other amateur web-kidz, here's how we did it.

Assuming you don't want all your tables to look like grids, you'll want to work on a new class of <table>, called perhaps, pick word at random, "grid". Each cell aka <td> of the table wants to be entirely surrounded by borders to give the impression of individual rectangles. Let's use the power of CSS inheritance to make it so:

Syndicate content