Hi,

in my ongoing war on web-form spamming, I had a coder design a php mail
script that would blacklist IP numbers that included certain words or html
coding in their submission; alas that didn't work. couldn't run the mail
script from cgi bin so, it's in a folder in my web root; not sure how secure
that is. I use an alias on the web form, so recipient = "1" triggers what I
thought was a private (unknown) email address coded into the php script. I
thought these scripts were not readable by anyone, but that they merely
executed on the server. thought also that they might be sending contrived
"form submissions" (must be because they leave out certain fields) directly
to the php script (which supposedly limits referers to my own domain!) ...
so I changed the email destination from something stupidly obvious like
guestbook [at] mysite.com to a mail address with a mixed hash of letters and
numbers, but ... today I got 5 new spams, arriving at my ingeniously devised
email address. before i give up totally, am i missing something obvious
here? can php scripts be read by anyone? should i revert back to matt's
formmail.pl and hope for the best?

thanks for any php-wisdom.

Phil

Message-ID: <oGVZh.11667$Dq6.3239 [at] edtnps82> from Phil contained the
following:

>before i give up totally, am i missing something obvious
>here? can php scripts be read by anyone?

Not normally, no. Without seeing the script it's difficult to comment
on what is happening. Does it, for instance, send an acknowledgement
that contains the address? Is the spam coming from the form, or is the
address being used on a spam list?
--
Geoff Berrow 0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011