PXS Mail Form - WP Plugin

15-03-2005 | Categories: — by Phrixus

This is the archive of comments left for the PXSmail plugin. They were moved here to improve page load speed.

Return to the current page for comments and info here.




150 Responses to “PXS Mail Form - WP Plugin”


  1. #150

    Ok, that’s fine so just to confirm, for the ‘referrer checking’, the script should check that the POST data originated on the server itself and if there are any red flags raised anywhere, the script should just stop and not bother to send the junk?

    Comment by Phrixus — 14/9/2005 @ 7:59 am

  2. #149

    No I don’t think logging is that important, at least not for me and clients I have set up with WP and this great plugin :)

    Comment by Justin Perkins — 14/9/2005 @ 3:06 am

  3. #148

    Good points Justin, would it also be useful to maintain a basic log perhaps that could be viewed in the control panel? Something along the lines of registering the number of mails sent, the number that were red flagged and the number of mails that didn’t pass the referrer check? If so, would just a basic count be preferable or a more detailed output?

    Comment by Phrixus — 13/9/2005 @ 10:12 pm

  4. #147

    Just checking the HTTP_REFERER server variable is all that is needed, maybe comparing it against some other server variables like SERVER_NAME and/or SCRIPT_NAME would be a good comparison that doesn’t require hardcoding the expected referring URL.

    I would even go so far as to raise a red flag not to send the email at all if any fields have a carriage return in them (except the message field). Maybe that’s a better approach since just stripping unwanted characters doesn’t stop the spam from arriving in my inbox.

    Comment by Justin P — 13/9/2005 @ 8:54 pm
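The two checks discussed in comments #147 and #150, sketched as an added example that is not part of the original thread and is not the plugin's own code. The function names and the form field names (`name`, `email`, `subject`, `message`) are hypothetical, and treating a missing Referer as a red flag is an assumption.

```php
<?php
// Added illustration, not PXS Mail Form code. Function and field names are hypothetical.

/** True if the Referer header's host matches this server's own host name. */
function pxs_example_referer_ok(array $server): bool
{
    if (empty($server['HTTP_REFERER']) || empty($server['SERVER_NAME'])) {
        return false; // assumption: a missing Referer counts as a red flag
    }
    $host = parse_url($server['HTTP_REFERER'], PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $server['SERVER_NAME']) === 0;
}

/** Names of single-line fields whose value is not a plain string or contains CR/LF. */
function pxs_example_fields_with_newlines(array $post, array $singleLineFields): array
{
    $flagged = [];
    foreach ($singleLineFields as $name) {
        $value = $post[$name] ?? '';
        if (!is_string($value) || preg_match('/[\r\n]/', $value)) {
            $flagged[] = $name;
        }
    }
    return $flagged;
}

/** Collect red flags for one submission; an empty list means it may be sent. */
function pxs_example_red_flags(array $server, array $post): array
{
    $flags = [];
    if (!pxs_example_referer_ok($server)) {
        $flags[] = 'referer';
    }
    foreach (pxs_example_fields_with_newlines($post, ['name', 'email', 'subject']) as $f) {
        $flags[] = "newline:$f";
    }
    return $flags;
}

// Constructed sample submission: the subject carries an extra header line.
$server = ['HTTP_REFERER' => 'http://blog.example/contact/', 'SERVER_NAME' => 'blog.example'];
$post = [
    'name'    => 'Test',
    'email'   => 'a@example.com',
    'subject' => "Hi\r\nBcc: list@example.net",
    'message' => "Line one\nLine two", // the message body is allowed to contain newlines
];
print_r(pxs_example_red_flags($server, $post)); // any flag means: stop, do not call mail()
```

The Referer header is supplied by the client, so that check only filters out unsophisticated bots; rejecting CR/LF in the header-bound fields is what stops extra headers from reaching the outgoing mail.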

  5. #146

    Hi Justin, the post does not do any referrer checking. If you have any ideas for implementing this, I would be happy to look into it.

    Comment by Phrixus — 12/9/2005 @ 10:12 pm

  6. #145

    Thanks for the quick response Phrixus, I’m curious if your update does any referrer checking on the post?

    I’ve fixed the carriage return vulnerability, but am still getting flooded with junk mail from kiddies attempting to exploit this issue.

    Comment by Justin P — 12/9/2005 @ 9:30 pm

  7. #144

    PXS Mail Form

    Phrixus
    Has updated their email contact form plugin, built off of Ryan Duff’s excellent wp-contactform plugin. PXS includes additional checks over the original plugin, as well as the option to turn off the embedded CSS, and use your own.

    Trackback by WordPress Station — 12/9/2005 @ 7:04 pm

  8. #143

    PLUGIN UPDATED
    See the main post above for details of changes and the option to download the new version.

    Comment by Phrixus — 12/9/2005 @ 6:50 pm

  9. #142

    This contact form is vulnerable to form hacking, explained better here:
    http://www.anders.com/cms/75/Crack.Attempt/Spam.Relay

    A new version should be released ASAP to correct this gaping vulnerability.

    Comment by Justin Perkins — 12/9/2005 @ 3:27 am

  10. #141

    Phrixus, I feel like an idiot but I figured out the problem. I had copied the options-pxsmail.php into the /wp-content/plugins/ directory and not the /wp-admin/ directory. So should anyone else do a bonehead install of this plugin, the fix would be to follow the instructions more carefully. Works great now, Thanks.

    Comment by Jason — 12/9/2005 @ 1:35 am
