Anonymous email

Discussion in 'Gaming and Software' started by deadc0de, Sep 13, 2007.

  1. Following on from my 'How to find anyones IP' thread/project I've knocked up an anonymous emailer in PHP*.
    Link ANONYMOUS EMAIL
    It works against Yahoo but not hotmail because they check originating domains so sending from @whitehouse.gov won't work for example and it will get marked as spam. :(
    Don't take the pi$$ with it or I'll pull it.
    In the meantime have fun! I did :wink:
    Please let me know of any domains it works against, gmail/lycos etc...

    *This is not 100% anonymous and shouldn't be treated as such, it's just a bit of fun so don't go waging a cyber-jihad or I'll put a jihad on you.
     
  2. Could a moderator delete this virus ridden fraudster's spamalot thread.

    Thanks
     
  3. Firstly HASBEEN you're under no obligation to use it.
    Secondly where in your limited wisdom did you spot any viruses??
    If someone used this for spamming I'd pull it, as already stated.
    Stick to what you know, in your case not a lot. Try the NAAFI forum instead.
     
  4. I don't see anything even remotely virus-ridden? :?

    It doesn't work for me, so far, though; do you get the bounces?

    Bit of fun as it is, spammers (even if exploiting web-to-mail scripts is a bit old hat now) love this sort of thing; good luck...
     
  5. That's cool. What domain did it fail with out of interest? A dozen folks have used it ok so far.
    I don't get the bounces btw. They go to fasthosts mailserver.
     
  6. Technically the emails are not 'anonymous', as the IP can be traced to fasthosts servers anyway, but it's good fun though.

    What are you using? Just the mail() PHP function or your own SMTP routines?
     
  7. Yeah they're not fully anonymous. It's just for fun.
    The type of person who spends time picking apart email headers isn't going to be fooled by a fake email but it was good enough for my friend who I contacted from the council demanding back-payments on council tax because he was in the wrong band...
    It's just plain old mail() function. Not very secure at all.
    You've done PHP uber, I want to use a session minimum time limit without a cookie to stop spammers and have tried the .htaccess line trick but my server/host threw a wobbly. How tis done please?
     
  8. I take it you want to stop spammers sending emails randomly from your script?

    If so, then don't bother with session time limits, I would implement an image verification code, basically you could use the GD library to create a dynamic image on the fly and store the code in a session, so users will have to type 'bv546ssh' or some other gobbledegook before they can send anything.

    Although if you want to implement a time limit, usually sessions are stored as cookies but you could store a certain IP address on a mysql db and record the time they tried to send a message, but personally I would go the Image route - best method IMO.

    One more thing, if you use 'session_set_save_handler' you can store the session on the server, hence without a cookie, so use that with any method you choose.
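
The per-IP time limit suggested in the post above, as an added example that is not part of the thread or of the author's script. The table name, the 60-second window and the use of an in-memory SQLite database through PDO (instead of MySQL, and assuming the pdo_sqlite extension is loaded) are assumptions so that it runs stand-alone; the requests are constructed sample data.

```php
<?php
// Added example, not the thread author's script. Table name, window and
// SQLite-in-memory storage are assumptions; a live form needs a persistent DB.
declare(strict_types=1);

const MIN_INTERVAL = 60; // seconds that must pass between messages per client IP

function open_store(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE send_log (ip TEXT PRIMARY KEY, last_sent INTEGER NOT NULL)');
    return $db;
}

// Returns true and records the attempt if this IP is allowed to send now.
// Throttled attempts do not move the timestamp forward.
function may_send(PDO $db, string $ip, int $now): bool
{
    $db->beginTransaction();
    $q = $db->prepare('SELECT last_sent FROM send_log WHERE ip = ?');
    $q->execute([$ip]);
    $last = $q->fetchColumn();          // false when the IP has no row yet
    if ($last !== false && $now - (int)$last < MIN_INTERVAL) {
        $db->rollBack();
        return false;
    }
    $db->prepare('REPLACE INTO send_log (ip, last_sent) VALUES (?, ?)')
       ->execute([$ip, $now]);
    $db->commit();
    return true;
}

$db = open_store();
// Constructed sample requests: [client IP, unix time]. In a web request the
// IP would come from $_SERVER['REMOTE_ADDR'] and the time from time().
$requests = [
    ['203.0.113.5', 1000],
    ['203.0.113.5', 1010],
    ['198.51.100.7', 1015],
    ['203.0.113.5', 1061],
];
foreach ($requests as [$ip, $t]) {
    printf("%s t=%d %s\n", $ip, $t, may_send($db, $ip, $t) ? 'send' : 'throttled');
}
```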
     
  9. Cheers Uber. I have now updated it with a CAPTCHA image verification box.
    It's readable unlike some sites where you have to hedge your bets whether it's an l or a 1 etc.
    I'll leave my script up UFN now. I took it down last night just in case the URL started doing the rounds on IRC: "OMG. Chk dis wikkid skript. it well 31337, teh guy haz no CAPTCHA, n00b! etc etc" :roll:
     
  10. Alsacien LE Moderator

    There are plenty of sites that will allow you to fully mask your IP address and to send anonymous email.
    Ask yourself why you want to do this.
    You will be exposing yourself and your computer to various things when accessing using these services. If you know what you are doing fine, but log on with a standard Windows installation at your peril.
     
  11. Fair point. Don't use windows!
     
  12. Just performed a little check on your script, I personally wouldn't use any 'query strings' as in a matter of seconds I read the source and changed it from 5 characters to 2 characters - which gives spammers an easier time, perform everything within the php script.

    CaptchaSecurityImages.php has a pretty bad exploit - you wanna try and crash your server? hmm... all someone needs to do is put a really high number in 'characters' and it could potentially freeze the CPU.

    Always use 'error_reporting(0);' when writing PHP scripts - so no one sees any errors on the page, seeing errors is good for debugging purposes, but not for final releases, doing some digging I've found the actual path to your scripts within the server, it may not seem like a lot of info, but it's a start ;)

    Also, data validation, don't just use slashes to escape strings, actually validate! So strip away any punctuation you don't actually need, for example:

    you could use:

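    if (!preg_match('/^[a-z0-9]+$/iD', $get_string))
    {
        // eregi() was removed in PHP 7; preg_match() with /i is the replacement (D stops $ matching before a trailing newline).
        // Reject the request here: the value contains something other than letters or digits.
    }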

    this will filter anything out that is not a letter or number, so any potential sql injection attacks could be thwarted! ;)

    only allow people to enter what they need to!
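
The points in the post above (no captcha settings taken from the query string, errors kept off the page, whitelist validation) put together as an added example; it is not CaptchaSecurityImages.php and not the thread author's code. The function names, the alphabet, the 5-character length and the plain array standing in for `$_SESSION` are assumptions.

```php
<?php
// Added example, not CaptchaSecurityImages.php. Names, alphabet and length
// are assumptions chosen for illustration.
declare(strict_types=1);

const CAPTCHA_LEN = 5;                                   // fixed server-side, never read from $_GET
const CAPTCHA_ALPHABET = 'bcdfghjkmnpqrstvwxyz23456789'; // leaves out l/1 and o/0 look-alikes

// Production settings: errors go to the log, not to the visitor's page.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Generates the code and stores it in the session; the image script would
// read it from there, so no length or text parameter appears in any URL.
function new_captcha(array &$session): string
{
    $code = '';
    $max = strlen(CAPTCHA_ALPHABET) - 1;
    for ($i = 0; $i < CAPTCHA_LEN; $i++) {
        $code .= CAPTCHA_ALPHABET[random_int(0, $max)];
    }
    $session['captcha'] = $code;
    return $code;
}

function check_captcha(array &$session, $input): bool
{
    $expected = $session['captcha'] ?? null;
    unset($session['captcha']);                          // single use, whether it passes or fails
    if (!is_string($expected) || !is_string($input)) {
        return false;                                    // e.g. ?answer[]=x arrives as an array
    }
    // Whitelist: exactly CAPTCHA_LEN letters or digits, nothing else.
    if (!preg_match('/\A[a-z0-9]{' . CAPTCHA_LEN . '}\z/i', $input)) {
        return false;
    }
    return hash_equals($expected, strtolower($input));   // constant-time comparison
}

// Constructed demo inputs.
$session = [];
$code = new_captcha($session);
var_dump(check_captcha($session, ['characters' => '9999'])); // non-string input
$code = new_captcha($session);
var_dump(check_captcha($session, $code));                    // correct answer
var_dump(check_captcha($session, $code));                    // same answer replayed
```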
     
  13. Oooh look Mum I'm a hacker, ******* amatuers
     
  14. Don't you mean 'amateurs' :p
     
  15. Who'd have thought I'd end up getting a lesson in PHP security from arrse of all places :D
    Thanks. Your 'efforts' didn't go amiss yesterday either :wink:
    I've got my work cut out now...