Sanjoy Roy

[MCM, MCP, SCJP] – Senior PHP Programmer

Monthly Archives: January 2010

How To Stop Spammers Using Your Feedback Form


Not securing your feedback form can leave it open to spammers possibly allowing them to send junk mail to anyone with it appearing to have originated from you. This could in the worst case scenario see your domain blacklisted by many mail servers.

The Solution

Luckily there are a few things you can do to make your feedback form a lot harder to exploit. The main technique spammers use is to try and insert bcc: headers into the feedback form. Say for example you have a feedback form with a message and an email field, this is passed to a PHP script without any validation which does something similar to the following:

   mail('you@yourdomain.com', 'Feedback', $_POST['message'], 'From: '.$_POST['email']);

If the spammer can send “fake@address.com%0ABcc:recipient1@domain.com,recipient2@domain.com” in the email address field on your form then whatever they type in the message box will not only be sent to you but to all those listed recipients aswell. What if 100’s or 1000’s of bcc: recipients are listed?

A few extra lines of code and this problem can be solved eliminating the majority of attacks on your forms. The following simply removes all occurances of bcc:, cc:, to: or content-type: headers so that the content of the form can only be submitted to you and not to anyone else.

 $find = array("/bcc\:/i","/Content\-Type\:/i","/cc\:/i","/to\:/i");
   $message = preg_replace($find, '', $_POST['message']);
   $email = preg_replace($find, '', $_POST['email']);
   mail('you@yourdomain.com', 'Feedback', $message, 'From: '.$email);

IP Addresses

You may also wish to capture the ip address of the person sending the form.

$ip = $_SERVER['X_FORWARDED_FOR'] ? $_SERVER['X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
   mail('you@yourdomain.com', 'Feedback', $message, 'From: '.$email."\nX-From-IP:".$ip);

This could be used in creating your own ‘blacklist’ once you know the ip address of any offenders. The message can then only be sent if its not in your banned ip list:

 $ip = $_SERVER['X_FORWARDED_FOR'] ? $_SERVER['X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
   $banned_ip = array('195.99.99.99','137.11.11.11');
   if(!in_array($ip,$banned_ip)) {
      mail('you@yourdomain.com', 'Feedback', $message, 'From: '.$email."\nX-From-IP:".$ip);
   }
Advertisements

Basic Top 10 SEO Checklist Rules


Below is a keyword checklist to ensure that you follow the basic top tips to optimise your pages correctly including existing, main pages and secondary ones so to present them to the search engines in a acceptable manner, generally accepted search engine algorithm rules.

URL: Get your primary keyword as close to the beginning of the URL as possible.

Title Tag: The title should be between 10 and 50 characters and include one or more keywords while still being descriptive.

Description Meta Tag: The description meta tag should be insightful and useful but it should also contain one or two of your more important keywords.

Keyword Meta Tag: It makes sense that you should include all of your keywords in the keyword meta tag. Do not include any words that don’t appear in the body of your text.

Keyword Density: Your content should be made up of all of your keywords and other text. A total keyword density (all keywords) of around 12% is the maximum you should aim for if you exceed this you could fall foul of Google’s acceptance and cross the line and commit the sin of ‘spamming’  and key word stuffing. Anything less than 2% is unlikely to yield good results. Density for a single keyword should be between 1% and 7%. 1% seems too low and 7% a little too high. Wherever possible aim for approx 5% with the primary keyword and 3% with secondary and subsequent keywords. This is balance which requires very careful consideration and calculation. SEO experts are more skilled at this fine balance and you should seek advice on this subject.

Header Tags (e.g. H1 and H2 tags): More weight is given to keywords that appear within H1 tags, then H2 tags and so on.

Text Formatting Fonts (e.g. strong, bold and underline): This may not offer much weight in algorithms, but generally if you bold the first instance of your keywords and the last instance of your primary keyword you should see some positive results.

Beginning of Text: The closer you can get your keywords to the beginning of your page content the better. Try to include your primary keyword within the first sentence or two and also within the last paragraph.

Key-Phrases as Whole Phrases: If you are targeting Internet Marketing as a key phrase then do not split the words up if possible. Some effect is noticed if the words are split, but much more benefit is received by including the phrase as a whole.

Images Alt Text: Include your keyword at least once in the Alt tag of any images. Ensure that the text is relevant to the image and gives some information.

Want to Climb the Google ladder?


If you want your website to climb the Google ladder then you need to develop your website ethically within the guide lines and be prepared to be patient and never take Unnecessary risks with short term tactics with potentially ‘Black Hat’ practices.

If you want climb the Google Ladder and improve your organic rankings then you need a well constructed site that is fully assessable containing a growing volume of new content and has plenty of quality in bound links. This is the best recipe to follow and your site will eventually climb the Google ladder.

Positive changes you make to your website will be automatically picked up by the Google bots who regularly spiders pages of websites as long as they are accessible and will index pages to their database and take note of those changes. Every web owner wants to see their website rise the Google rankings and we all want to please Google, so if you want to improve your rankings you should try to understand how to satisfy Google’s alogryhtm. To find out more about the Google guidelines. Read more of this post

Citizenship Ceremony is on 26th January 2010


Yah hoo….At last I got the news from the citizenship office that I will be taking citizenship pledges on 26th January 2010. It would be a memorable day in my life.

Use cool Lightbox for Photo Gallery


Lightbox is a simple, unobtrusive script used to overlay images on the current page. It’s a snap to setup and works on all modern browsers.

Example and How to are located here.

%d bloggers like this: