[Phpwm] First Steps in designing.
Chris Allen
pickledegg at hotmail.co.uk
Wed Sep 6 10:39:46 BST 2006
I thought I'd ask what other folks' approach to designing a reasonably
complex application such as an ecommerce site was.
I start by putting pen to paper and scrawling diagram after diagram, but I
still find further on down the line that I have to redo a lot of stuff that
I have failed to plan correctly.
Is this because I'm crap at planning, or do other folk have similar
occurences? :)
Has anyone got any good links to resources on software engineering, that
might be a good start!
>From: phpwm-request at mailman.lug.org.uk
>Reply-To: phpwm at mailman.lug.org.uk
>To: phpwm at mailman.lug.org.uk
>Subject: Phpwm Digest, Vol 33, Issue 3
>Date: Wed, 06 Sep 2006 09:15:09 +0100
>
>Send Phpwm mailing list submissions to
> phpwm at mailman.lug.org.uk
>
>To subscribe or unsubscribe via the World Wide Web, visit
> https://mailman.lug.org.uk/mailman/listinfo/phpwm
>or, via email, send a message with subject or body 'help' to
> phpwm-request at mailman.lug.org.uk
>
>You can reach the person managing the list at
> phpwm-owner at mailman.lug.org.uk
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of Phpwm digest..."
>
>
>Today's Topics:
>
> 1. Simple question from a beginner (Mo Awkati)
> 2. Re: Simple question from a beginner (David Goodwin)
> 3. RE: Simple question from a beginner (Phil Beynon)
> 4. RE: Simple question from a beginner (Phil Beynon)
> 5. Re: Simple question from a beginner (David Goodwin)
> 6. Re: Simple question from a beginner (Kev)
> 7. timeout (alan dunn)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Tue, 5 Sep 2006 17:28:59 +0100 (BST)
>From: Mo Awkati <mawkati at yahoo.co.uk>
>Subject: [Phpwm] Simple question from a beginner
>To: Phpwm at mailman.lug.org.uk
>Message-ID: <20060905162859.26489.qmail at web25707.mail.ukl.yahoo.com>
>Content-Type: text/plain; charset="iso-8859-1"
>
>Hi folk
>
>I don't know if I introduced myself, I am not sure. I am a Linux user for a
>handful of years, and only recently started using PHP to put simple code on
>our church website. I am not an expert programmer though I hope to be one
>day when all my other commitments allow me!!!
>
>My question: I have a simple phpmail script as part of a feedback form. I
>keep getting spam email to my webmaster email address. I have removed all
>links on the website to this email address, so the only source I could
>think of is from the phpmail script. Any suggestions on how I can stop
>unsolicited emails? The spam emails don't use the form.
>
>Thanks for any help.
>
>Mo
>
>
>---------------------------------
> The all-new Yahoo! Mail goes wherever you go - free your email address
>from your Internet provider.
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
>http://mailman.lug.org.uk/pipermail/phpwm/attachments/20060905/e8364e4d/attachment-0001.html
>
>------------------------------
>
>Message: 2
>Date: Tue, 5 Sep 2006 20:10:23 +0100
>From: David Goodwin <david at codepoets.co.uk>
>Subject: Re: [Phpwm] Simple question from a beginner
>To: West Midlands PHP User Group <phpwm at mailman.lug.org.uk>
>Message-ID: <20060905191023.GA31834 at codepoets.co.uk>
>Content-Type: text/plain; charset=us-ascii
>
><snip>
> >
> > My question: I have a simple phpmail script as part of a feedback form.
>I keep getting spam email to my webmaster email address. I have removed all
>links on the website to this email address, so the only source I could
>think of is from the phpmail script. Any suggestions on how I can stop
>unsolicited emails? The spam emails don't use the form.
> >
>
>I'm not sure how this is a PHP question; but nevertheless...
>
>1) Can you change the email address to somethingelse at yourdomain.com and
>update the form - does this help?
>
>2) _If_ the mail is being sent through the form, change the form so it
>requires some sort of human step - e.g. users have to complete a
>mathematical sum before the form will submit the mail?
>
>3) If there have been links to the email address on the web, removing
>links to it is unlikely to achieve anything - search engines will have
>grabbed it, and spammers will have it on their database.
>
>
>thanks,
>
>David.
>
>--
>David Goodwin
>
>[ david at codepoets dot co dot uk ]
>[ http://www.codepoets.co.uk ]
>
>
>
>------------------------------
>
>Message: 3
>Date: Tue, 5 Sep 2006 18:10:50 +0100
>From: "Phil Beynon" <phil at infolinkelectronics.co.uk>
>Subject: RE: [Phpwm] Simple question from a beginner
>To: "West Midlands PHP User Group" <phpwm at mailman.lug.org.uk>
>Message-ID:
> <MDBBIMBGKCJEJKIHMENGMEKNKGAA.phil at infolinkelectronics.co.uk>
>Content-Type: text/plain; charset="iso-8859-1"
>
>
> Hi folk
>
> I don't know if I introduced myself, I am not sure. I am a Linux user
>for
>a handful of years, and only recently started using PHP to put simple code
>on our church website. I am not an expert programmer though I hope to be
>one
>day when all my other commitments allow me!!!
>
> My question: I have a simple phpmail script as part of a feedback form.
>I
>keep getting spam email to my webmaster email address. I have removed all
>links on the website to this email address, so the only source I could
>think
>of is from the phpmail script. Any suggestions on how I can stop
>unsolicited
>emails? The spam emails don't use the form.
>
> Thanks for any help.
>
> Mo
>
>
> Hello Mo,
> There's a number of things that could be happening that could cause this
>for you.
> If you have a "catchall" email address set up on the site then any email
>address sent to the site will be accepted by the server.
> Also there are a number of "always valid" email addresses that the
>server
>will have set up such as postmaster@ admin@ etc, spammers know these will
>be there and will often use them hoping they will be read.
>
> The options are either to live with it, use spam filtering on the server
>and risk losing some valid emails - in that often major ISPs such as
>Telewest and BT get blacklisted by these sites or if you have some access
>to
>the server use the hosts.deny file to block IP ranges where you never
>expect
>to get valid email from.
> As and example of this I've blocked pretty much anywhere thats not
>European, North American or Australasian on my servers - and customers have
>been told that. Spam still gets through, but nowhere near as much.
>
> If you want to have an email address on a page and render it invisible
>then embed it into a graphic and use that to trigger a form submit to stop
>it being culled by spam harvester robots.
>
> Be careful using "simple" PHP feedback scripts, if they are the usual
>sort
>of crap off somewhere like hotscripts.com then there are also harvester
>robots looking for instances of the file on websites whihc they will then
>exploit for sending more spam.
> I saw that on one of my customers sites a few days ago, first thing I
>knew
>about it was when I started getting a load of admin level bounces coming
>through, and I had to waste hours tracking it down.
>
> Phil
>-------------- next part --------------
>An HTML attachment was scrubbed...
>URL:
>http://mailman.lug.org.uk/pipermail/phpwm/attachments/20060905/61f0efa2/attachment-0001.html
>
>------------------------------
>
>Message: 4
>Date: Wed, 6 Sep 2006 01:28:39 +0100
>From: "Phil Beynon" <phil at infolinkelectronics.co.uk>
>Subject: RE: [Phpwm] Simple question from a beginner
>To: "West Midlands PHP User Group" <phpwm at mailman.lug.org.uk>
>Message-ID:
> <MDBBIMBGKCJEJKIHMENGCELJKGAA.phil at infolinkelectronics.co.uk>
>Content-Type: text/plain; charset="us-ascii"
>
>
> > > My question: I have a simple phpmail script as part of a
> > feedback form. I keep getting spam email to my webmaster email
> > address. I have removed all links on the website to this email
> > address, so the only source I could think of is from the phpmail
> > script. Any suggestions on how I can stop unsolicited emails? The
> > spam emails don't use the form.
> > >
> >
> > I'm not sure how this is a PHP question; but nevertheless...
>
>If it educates just one person that using poorly written exploitable
>scripts
>is a bad thing then its meritable and worth an answer and assistance.
>That person will then hopefully learn from the experience and write their
>own future code in a non exploitable way.
>
>Spammers only exist anonymously by being able to exploit and steal the
>internet resources of others, be that scripts, security holes, badly
>patched
>or configured servers or whatever.
>Since no one outside the genuine internet community really gives two hoots
>about the problem, be that law enforcement or politicians, a question like
>this should be able to be asked, and hopefully answered, on any user group
>forum, more so when the person has stated they are a beginner and may not
>be
>fully aware of the long term ramifications of potentially exploitable code
>they write or download and use.
>
>Phil
>
>
>
>
>------------------------------
>
>Message: 5
>Date: Wed, 6 Sep 2006 06:09:27 +0100
>From: David Goodwin <david at codepoets.co.uk>
>Subject: Re: [Phpwm] Simple question from a beginner
>To: West Midlands PHP User Group <phpwm at mailman.lug.org.uk>
>Message-ID: <20060906050926.GA4245 at codepoets.co.uk>
>Content-Type: text/plain; charset=us-ascii
>
> > Be careful using "simple" PHP feedback scripts, if they are the usual
>sort
> > of crap off somewhere like hotscripts.com then there are also harvester
> > robots looking for instances of the file on websites whihc they will
>then
> > exploit for sending more spam.
> > I saw that on one of my customers sites a few days ago, first thing I
>knew
> > about it was when I started getting a load of admin level bounces coming
> > through, and I had to waste hours tracking it down.
> >
>
>As in the good old 'classic' email header injection where someone
>forgets to sanitise input properly.... see :
>
>http://www.securephpwiki.com/index.php/Email_Injection
>
>David.
>--
>David Goodwin
>
>[ david at codepoets dot co dot uk ]
>[ http://www.codepoets.co.uk ]
>
>
>
>------------------------------
>
>Message: 6
>Date: Wed, 6 Sep 2006 06:49:59 +0100
>From: Kev <php at beachboy.co.uk>
>Subject: Re: [Phpwm] Simple question from a beginner
>To: West Midlands PHP User Group <phpwm at mailman.lug.org.uk>
>Message-ID: <200609060649.59707.php at beachboy.co.uk>
>Content-Type: text/plain; charset="iso-8859-1"
>
>
>I thought it was a valid question.
>
>It just so happens that I have copied across someone's old website over to
>my
>webserver yesterday. There is an old non-PHP webform on it, that hasn't
>been
>updated in probably 4 years. If I replace it with a piece of PHP code, that
>I
>find on the internet, just how do I know that it's safe/secure?
>
>Kev
>
>
>
>------------------------------
>
>Message: 7
>Date: Wed, 06 Sep 2006 09:33:08 +0100
>From: alan dunn <alan at dunns.co.uk>
>Subject: [Phpwm] timeout
>To: phpwm <phpwm at mailman.lug.org.uk>
>Message-ID: <44FE87C4.8080104 at dunns.co.uk>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>This is not a php issue - but one of you might have an answer!
>
>We are accessing postgres with ms access via pgsql's odbc driver.
>The link times out after a frustratingly short time. Does anyone have
>any idea where that timeout is set?
>
>thanks, alan dunn
>
>
>
>------------------------------
>
>_______________________________________________
>Phpwm mailing list
>Phpwm at mailman.lug.org.uk
>https://mailman.lug.org.uk/mailman/listinfo/phpwm
>
>
>End of Phpwm Digest, Vol 33, Issue 3
>************************************
_________________________________________________________________
The new Windows Live Toolbar helps you guard against viruses
http://toolbar.live.com/?mkt=en-gb
More information about the Phpwm
mailing list