• EN
    • FR
    • DE
    • IT
    • ES
  • Resellers
  • Affiliate program
  • About us
  • Green hosting
  • Job 4
  • News
  • Support
Infomaniak
  • EN
    • FR
    • DE
    • IT
    • ES
infomaniak infomaniak
Infomaniak
  • I want to...
    • Create an internet site
      • Create a site with WordPress Design a professional site in a few clicks.
      • Create a site with a CMS Create a Joomla, Drupal, PrestaShop, etc., site.
      • Create a site with a Web agency Find your ideal webmaster close to you.
    • Create an email address
      • 1 email free with 1 domain Create a personal email address in Switzerland with the domain of your choice.
      • 5 or more email addresses Create your professional email addresses in Switzerland with the domain of your choice.
    • Backup data
    • Transfer a domain name
    • Manage my emails online
    • Pay an invoice
    Quick actions
    • Compare hosting offers
    • Renew
  • Domains
    • Order Purchase your domain name at the best price.
    • Domain Privacy Protect the private data of your domains in Whois and block spam.
    • Transfer Relocate your domain to Infomaniak.
    • Renewal Warranty Secure your domains against loss and theft.
    • SSL certificates New Secure your sites with a Sectigo or Let's Encrypt EV or DV certificate.
    • Fast Anycast DNS New Speed up access to your site from anywhere in the world with just 1 click.
    Quick actions
    • Renew
    • Prices
    • Whois
    • Our tips
  • Hostings
    • Web & Mail
      • Web + Mail Hosting Special Offer Create your sites and professional email addresses with our flagship offer.
      • Mail Hosting Create your professional email addresses and sync your contacts and calendars.
      • Web Hosting Create your internet sites (without email).
      • WorkSpace Discover the Swiss webmail for SMEs which synchronises your emails, calendars and contacts.
    • Dedicated and Cloud servers
      • Managed Cloud Server Create your sites with 100% dedicated resources.
      • Unmanaged Cloud Server Create your Linux/Windows server with 100% dedicated resources.
      • Jelastic Cloud New Create your bespoke Cloud infrastructure (Java, Node.js, Ruby, Docker, etc.).
      • Very High Availability Hosting Use the same technology as the world's most visited sites (custom SLA).
    • Housing / Datacenter
    Quick actions
    • Compare hosting offers
    • Renew
  • Drive
  • Backup and storage
    • Swiss Backup Back up your servers, workstations and files in a datacenter in Switzerland.
    • Infomaniak Drive New Store, collaborate and share your files wherever you are.
    • Synology NAS Rent a NAS in a secure datacenter in Switzerland.
    • SwissTransfer.com Share large files up to 50 GB for free.
    Quick actions
    • Renew
  • Marketing & Events
    • Newsletter Send your newsletters and manage your email marketing with an easy-to-use tool with no subscription.
    • Guest manager Efficiently manage the invitations to your events.
    • E-ticket box office Create your online box office for your professional events (festivals, seminars, etc.).
    Quick actions
    • Renew
  • Multimedia
    • Audio streaming (web radio) Create your online radio and freely monetise your live podcasts, etc.
    • Video streaming (web TV) Create your online TV and freely monetise your live broadcasts.
    • VOD/AOD Easily host and integrate your videos, podcasts, etc. on your site.
    Quick actions
    • Renew
  • Support
    • Knowledge base
    • Contact us
    • Pay a bill
  • Subscription
Sign in
  • Manager login
  • Subscription
  • Sign in
    • Workspace

      Webmail, contacts, calendar

    • Manager

      Managing Infomaniak products

Knowledge base

1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!

Knowledge base Avoiding that a contact form (formmail.pl or other) be exploited for sending out spam

    Avoiding that a contact form (formmail.pl or other) be exploited for sending out spam

    Spammers easily spot pages containing a contact form (contact or feedback for example) that sends an email. They then look for the presence of a flaw: many contact forms do not check the presence of a carriage return in certain fields, in particular in that of the sender's email address to be completed in the forms.


    Actions to be carried out


    Whatever happens, we act down the line: we filter the carriage returns located in the headers using the PHP mail() function. However you must:
    • protect your mail sending scripts with a CAPTCHA system or by inserting an explicit restriction of recipients.
    • when sending an email via the PHP mail() command, make sure that the arguments provided have been confirmed prior to their use. The values received from a form must be checked before they are used by the mail() function.
    • replace potential carriage returns in each one of the fields that should normally contain an email address (this field is often called $email, $sender or $from):
    $EMAIL = str_replace("\n", "", str_replace("\r", "", $EMAIL));


    More information


    Spammers exploit scripts such as this:
    $MESSAGE = $_POST[msg];
    $RECIPIENT = "webmaster@votredomaine.com";
    $SUBJECT = "Formulaire de contact";
    $EMAIL = $_POST[email];

    // Sans cette ligne votre script est exploitable !!!!
    $EMAIL = str_replace("\n", "", str_replace("\r", "", $EMAIL));

    mail($RECIPIENT, $SUBJECT, $MESSAGE, "From: $EMAIL");



    Link to this FAQ:
    Has this FAQ been helpful?
    Thank you for your feedback. Improve this FAQ?
    Please do not ask any questions through this form, it is only used to improve our FAQ.
    Please use our contact form for any question.
    Your message has been sent. Thank you for suggesting an improvement to this FAQ.
    Display all FAQs for this product

    Infomaniak

    Blog About us Support Knowledge base Site map General Sales Conditions & Data Policy

    Swiss hosting provider

    Wordpress hosting Web Hosting Mail Hosting Cloud Server / VPS SSL certificates

    Domains

    Register a domain Transfer a domain Whois domain Renewal Warranty Domain Privacy Fast Anycast DNS Report an abuse

    Professional tools

    Synology NAS Newsletter tool Video streaming live Live Audio Streaming Housing and colocation Guest manager

    Green hosting

    Certificates and rewards Environmental commitments
    • swissmade
    • ISO 50001 – Energy Management
    • ISO 14001 - Environmental Management
    • ISO 14001 - Environmental Management
    • Infomaniak
    • Support
    • Knowledge base
    • Avoiding that a contact form (formmail.pl or other) be exploited for sending out spam
    Service status
    News
    About us
    Ecological charter
    Join us!
    Your browser is outdated, security and browsability are no longer guaranteed. We recommend that you update it as soon as possible by clicking here.