So a client has a great new video site. And as it attracts users, it attracts unsavory script kiddies from across the globe – probing the system for weaknesses and always it seems trying to send nonsensical spam. The first thing they do is create a user account to get into the members area. We always get a heads up because inevitably they use a bogus email address, and in turn the registration notice bounces back to info@. The client then forwards to me and I delete the bogus users from the DB. I always notice in succession they try and stuff additional mail headers into the database. The input gets truncated because of the length and thus far appears to be a fairly harmless nuisance.
Email Address Validation for PHP Registration Form
June 7th, 2007