Preventing problems with a mailscript

sirugo
I have written a php-script that uses our mail server to send a message to a user when he/she enters his mail address, so that he/she can confirm what has been POSTed.

Have I opened a door to mail terror in the system?
What problems should I expect and how do I prevent them?

 
So if I write a PHP/CURL script that ignores cookies, runs every 10 minutes, and injects data into your script, I can send 8640 of your preformatted messages every 24 hours to any email address I want?

Want the best answers? Ask the best questions: TANSTAAFL!
 
=)

Yes, but one more thing:

I also get a message delivered to my mailbox every 10th message that has been entered.
I check my mailbox many times a day.

So I will stop the script if things like that ever happen.

What will Tek-Tips do if the same thing happens?
Or eBay?
Or Yahoo?

Still want to know if there's a way to get around it or if "get rid of it" is the only solution acceptable?
 
Okay, then for the 8 hours you're asleep, I can annoy you with 280 messages and annoy the hell out of someone else with 2880 messages.


Tek-Tips requires that a user create a login before he can perform any action that will generate an email. So does Yahoo. So does eBay.

You are allowing the public at large to use your mail server -- the problems you will face are greater than the problems they do.



Want the best answers? Ask the best questions: TANSTAAFL!
 
If you annoy me with 280 messages I don't care at all.
I will take precautions or shut the script down if that happens.

But on eBay and wherever I can still generate 2880 fake new users the same way that you describe, can't I?
And all 2880 innocent mailboxes will receive a message that they never asked for.
And the message they get will not be more or less annoying as I see it - a disclaimer with an excuse.

So the difference is only that I chose to receive a message every 10th message sent.
Maybe they do too. So what's really the difference?
 
The difference is, they can disable those specific accounts. The only way to stop me with your methodology is to disallow anyone from posting to the site.

Or at least I assume that if no confirmation messages are allowed to go out, no messages will ever be unlocked.

Want the best answers? Ask the best questions: TANSTAAFL!
 
Yes, but on eBay - for example - I can still create 2880 fake users, making their script send the same amount of annoying messages?

So in what way can I do this better?
 
It's two problems. Keeping me from sending the original 2880, and keeping me from sending an additional 2880.

With either system, you're right, it's about equal.

But to send an additional 2880 through eBay, I would have to create 2880 more accounts.

To do it through your system, I only have to wait till you put the emailing script back online.

That, and eBay would not have to shut down their entire system to stop the emails. You would.

I would make people register with the system. When they create an account, send them a confirmation email then. If they confirm through a link your system emailed them, then their account is active. Then only make users log in. Only active users can post, and their posts are visible immediately.

If a jackass like me comes along, you don't have to shut down all activity on your site to stop me. Just start deleting accounts.

Want the best answers? Ask the best questions: TANSTAAFL!
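The registration flow suggested in the post above, as an added PHP sketch that is not part of the original thread: mail goes out only once per new address, posting requires a confirmed account, and one abusive account can be disabled while the site stays up. `AccountStore`, its methods, the stubbed mail callable and the `example.test` addresses are hypothetical; it keeps accounts in memory, assumes PHP 8, and disables rather than deletes an account so the same address cannot simply register again.

```php
<?php
// Added example (not from the thread): register -> confirm via emailed link -> post.
// AccountStore, its methods and the example.test addresses are hypothetical. PHP 8+.
final class AccountStore
{
    private array $accounts = []; // email => ['status' => ..., 'token_hash' => ...]
    // $sendMail: callable(string $to, string $body), stubbed in the demo below.
    public function __construct(private $sendMail) {}
    // The only path that emits mail: once per new address, never when posting.
    public function register(string $email): bool
    {
        if (!filter_var($email, FILTER_VALIDATE_EMAIL) || isset($this->accounts[$email])) {
            return false; // invalid or already known: no repeat mail to that address
        }
        $token = bin2hex(random_bytes(16)); // 32 hex chars, only its hash is stored
        $this->accounts[$email] = ['status' => 'pending', 'token_hash' => hash('sha256', $token)];
        ($this->sendMail)($email, 'https://example.test/confirm?email='
            . rawurlencode($email) . '&token=' . $token);
        return true;
    }

    public function confirm(string $email, string $token): bool
    {
        $a = $this->accounts[$email] ?? null;
        if ($a === null || $a['status'] !== 'pending'
            || !hash_equals($a['token_hash'], hash('sha256', $token))) {
            return false;
        }
        $this->accounts[$email] = ['status' => 'active', 'token_hash' => null]; // single use
        return true;
    }

    public function disable(string $email): void // stops one abuser, site stays up
    {
        if (isset($this->accounts[$email])) { $this->accounts[$email]['status'] = 'disabled'; }
    }

    public function canPost(string $email): bool
    {
        return ($this->accounts[$email]['status'] ?? '') === 'active';
    }
}

$outbox = []; // constructed stand-in for the mail server
$store = new AccountStore(function ($to, $body) use (&$outbox) { $outbox[] = [$to, $body]; });
$store->register('alice@example.test');
$store->register('alice@example.test'); // second request for the same address sends nothing
$store->confirm('alice@example.test', substr($outbox[0][1], -32));
var_dump(count($outbox), $store->canPost('alice@example.test'));
$store->disable('alice@example.test');
var_dump($store->canPost('alice@example.test'));
```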
 
But you can keep creating thousands of fake accounts as long as the site is there, can't you?

So both sites will have to stop the activity completely (posting messages, creating users) to solve the problem. Right?

Of course I have thought of having accounts but I won't bother until the problem comes along if it ever does.

Thanks for all answers and effort.



 
One site will have to stop all posting.

The other will shut down the creation of new accounts.

In the former case, all site activity stops. In the latter, legitimate users can still use the site.

Want the best answers? Ask the best questions: TANSTAAFL!
 