Webmaster Contact Page

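0) $attack++; } return $attack; }

// Count how many known mail-header marker strings occur in $teststr.
// Each marker is counted at most once; the return value is the number of
// distinct markers found (0 means none were seen).
//
// The match is a plain substring test, so ordinary words that contain a marker
// (for example "cc" inside "account") are counted as well. Treat the result as
// a heuristic signal; stripping CR/LF from anything that reaches a mail header
// is the control that actually prevents header injection.
function attack_check1($teststr) //check for injection strings without colons on the end
{
    $attack=0;
    $headerstrings = array("apparently-to",
                           "bcc",
                           "cc",
                           "errors-to",
                           "reply-to",
                           "boundary=",
                           "charset=",
                           "content-disposition",
                           "content-type",
                           "content-transfer-encoding",
                           "message-id",
                           "mime-version",
                           "multipart/mixed",
                           "multipart/alternative",
                           "multipart/related",
                           "x-mailer",
                           "x-sender",
                           "x-uidl"
                           );
    foreach ($headerstrings as $injection)
    {
        // Header names are case-insensitive, so the test must be too; the
        // original substr_count() only matched lower-case input.
        if (stripos($teststr, $injection) !== false) $attack++;
    }
    return $attack;
}

// Form handler: validates the submitted sender address and subject, mails the
// message to $recipient when nothing suspicious is found, and otherwise
// notifies $abusenotify while showing the visitor the normal confirmation.
//
// NOTE(review): $submitletter, $sender, $sbj, $thiscontent, $recipient,
// $abusenotify, $message and $appendstr are not assigned in the visible part
// of this file - confirm they are read explicitly from the request/config and
// not populated through register_globals.
if ($submitletter)
{
    //determine lengths of header and subject field since it may indicate how many emails are being attempted to be sent
    $senderlength=strlen($sender);
    $subjlength=strlen($sbj);

    //Remove all white space (space, tab, LF, CR, NUL, vertical tab) from the senders entered email address.
    $sender1=str_replace(array(" ", "\t", "\n", "\r", "\0", "\x0B"), "", strtolower($sender));
    $attack=attack_check($sender1); //looks for email header information in the sender email address

    //strip all white space that is not a space from the subject field
    $sbj1=str_replace(array("\t", "\n", "\r", "\0", "\x0B"), "", $sbj);
    // Test the stripped subject because that is the value handed to mail();
    // a marker split by a stripped control character is then still counted.
    $attack1=attack_check1($sbj1);

    // Test email address to determine whether it is correctly formed.
    // preg_match() replaces eregi(), which was removed in PHP 7. The pattern is
    // anchored at the end as well, so nothing may trail a valid address.
    $formbad=0;
    if (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[_a-z0-9-]+(\.[a-z0-9-]+)+\z/i', $sender1)) $formbad=1;
    if ($formbad==1) echo "There seems to be a problem with the format of your email address.
";

    // The submitted values are shown back to the visitor below; escape them so
    // markup typed into the form is displayed as text instead of being rendered.
    $sender_html=htmlspecialchars($sender, ENT_QUOTES);
    $sbj_html=htmlspecialchars($sbj, ENT_QUOTES);
    $content_html=htmlspecialchars($thiscontent, ENT_QUOTES);

    if (($attack>0) || ($attack1>0) || ($formbad==1)) //do not send the email, send email to administrator about attacker, and act like the email was sent
    {
        if (($attack>0) || ($attack1>0)) //if attacked
        {
            if (strlen($abusenotify)>0)
            {
                // The raw submitted values go into the message BODY only; every
                // header of this notification is built from $recipient.
                $message1="A possible email injection attempt at " . $_SERVER["SCRIPT_FILENAME"] . "was detected";
                $message1.="The following information was entered in the form - User return email address:\r\n";
                $message1.=$sender . "\r\n\r\nSubject:\r\n" . $sbj . "\r\n\r\nMessage:\r\n\r\n" . $thiscontent;
                $message1.="\r\n\r\nThe message was sent from " . $_SERVER["REMOTE_ADDR"] . " on port " . $_SERVER["REMOTE_PORT"] . "\r\n";
                $message1.="The HTTP user agent was " . $_SERVER["HTTP_USER_AGENT"] . "\r\n";
                $message1.="The HTTP referer was " . $_SERVER["HTTP_REFERER"] . "\r\n";
                $message1.="The request time was " . $_SERVER["REQUEST_TIME"] . "\r\n";
                $message1.="The request method was " . $_SERVER["REQUEST_METHOD"] . "\r\n";
                $message1.="The server port was " . $_SERVER["SERVER_PORT"] . "\r\n";
                $headers = "From: <" . $recipient . ">\n";
                $headers .= "X-Sender: <" . $recipient . ">\n";
                $headers .= "X-Mailer: PHP\n"; // mailer
                $headers .= "Return-Path: <" . $recipient . ">\n"; // Return path for errors
                //check the $headers variable for domain names outside the site domain name
                mail($abusenotify, "Possible email injection attact attempt!", $message1, $headers);
            } //end if an abuse notify email exists
        } //end if attacked

        // act like the message was sent
        // NOTE(review): $message is output unescaped; presumably a site-configured
        // heading - confirm it can never be set from the request.
        $appendstr.="
\r\n";
        $appendstr.="\r\n";
        $appendstr.="\r\n";
        $appendstr.="\r\n";
        $appendstr.="\r\n";
        $appendstr.="
" . $message . "

Your message has been sent.
Message sent by: " . $sender_html . "
Subject: " . $sbj_html . "
Message:
\r\n" . $content_html . "

\r\n";
    } //end if attacked or form was bad
    else //no attack is detected, send the email
    {
        // Start from a fresh string: the original appended with .= to a variable
        // that is not initialised in the visible code, so any value it already
        // held would have been sent as leading headers.
        // Headers use $sender1, the lower-cased address that had its white space
        // and control characters removed and passed the format check, never the
        // raw $sender.
        $headers = "From: <" . $sender1 . ">\n";
        $headers .= "X-Sender: <" . $sender1 . ">\n";
        $headers .= "X-Mailer: PHP\n"; // mailer
        $headers .= "Return-Path: <" . $sender1 . ">\n"; // Return path for errors
        $thiscontent1=$thiscontent . "\r\n\r\n";
        // $sbj1 has CR, LF, NUL, tab and vertical tab removed, so the subject
        // cannot start a new header line.
        mail($recipient, $sbj1, $thiscontent1, $headers);
        // NOTE(review): $message is output unescaped; presumably a site-configured
        // heading - confirm it can never be set from the request.
        echo "
\r\n";
        echo "\r\n";
        echo "\r\n";
        echo "\r\n";
        echo "\r\n";
        echo "
" . $message . "

Your message has been sent.
Message sent by: " . $sender_html . "
Subject: " . $sbj_html . "
Message:
\r\n" . $content_html . "

\r\n";
    } //end else no attack
} //end if submitletter
else { ?>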

This form has been created to help eliminate SPAM. Please fill out the form below with your email and the message you would like to send to the webmaster. Items marked with an asterisk are required.

Use of this contact page for any purpose other than sending messages to the webmaster of this site is strictly prohibited. Attempts to use this contact page to send email messages to anyone other than the webmaster of this site are illegal and punishable by law. Automated or manual attempts to determine whether this contact page can be used for any purpose other than contacting the webmaster of this site are illegal.

"; echo "Your Email: *
\r\n"; //66 echo "Subject:
\r\n"; echo "Message: *

\r\n"; ?>