Welcome Guest, Not a member yet? Register   Sign In
CI's Email.php is being exploited to push out spam...
#1

[eluser]lc317[/eluser]
I'm new to CodeIgniter, and am now managing a page that uses it. The website has a simple contact form that has been exploited by spammers in the last 72 hours. Looking the spam's headers, they are pushing spam through CodeIgniter's "Email.php" file....I've since removed the file (we are getting hammered with complaints), but of course now am in need of an alternative, as the page needs to have the contact functionality. So, as a newbie, I am looking for some guidance here, so I can get our contact form back up and take proper measures to minimize future risks. Thanks for any help!

#2

[eluser]PhilTem[/eluser]
Does your contact form have any mechanism of determining such abuses e.g. by using a CAPTCHA or by limiting the mails sent per hour?

If not then that's two things you might want to implement Wink
#3

[eluser]lc317[/eluser]
[quote author="PhilTem" date="1354324190"]Does your contact form have any mechanism of determining such abuses e.g. by using a CAPTCHA or by limiting the mails sent per hour?[/quote]


Thanks for responding...Well, I have spent the last few days trying to get ReCaptcha to work on my form, but I can't get it working. It displays fine, but it doesn't work and the user just clicks past it. The captcha is displayed on the form, but I have no clue as to what or where to add the ReCaptcha server-side key, or where to put the recaptcha code in CI's contact.php controller (which we used to push email). I don't want to setup a new DB table for CI's built-in captcha functionality, so it seemed like Recatcha was a good compromise. Experimented a bit with the Ajax implementation, and I can't get that to work either! I could realllllly use some guidance as I'm know I'm getting this close to working, thanks for any help here


I've inserted the following into my form, but unsure as to where I add this in the CI controller to actually get it to work (slightly edited here):

script type="text/javascript"
src="http://www.google.com/recaptcha/api/challenge?k=your_public_key">
/script>
noscript>
<iframe src="http://www.google.com/recaptcha/api/noscript?k=your_public_key"
height="300" width="500" frameborder="0"&gt;&lt;/iframe><br>
&lt;textarea name="recaptcha_challenge_field" rows="3" cols="40"&gt;
&lt;/textarea&gt;
&lt;input type="hidden" name="recaptcha_response_field"
value="manual_challenge"&gt;
</noscript>
#4

[eluser]lc317[/eluser]
Can someone recommend another forum, or place where I can get timely advice/assistance with setting up a basic recaptcha on a simple form? I am getting desperate here...fluent in HTML/CSS, just need some guidance in setting up the CI controller portion of the recaptcha implementation so it will function. Thanks
#5

[eluser]pickupman[/eluser]
A quick google search can go a long way. Here's a [url="http://ellislab.com/forums/viewthread/223099/#1026069"]ReCaptcha Library[/url] posted in the forums. Someone has linked their github repo with detailed instructions.

You need to validate the response from reCaptcha before sending the email.




Theme © iAndrew 2016 - Forum software by © MyBB