19 May 2010 ~ 1 Comment

Sending spam e-mail using a simple PHP method.

Development How To's

A quick post on how to send spam e-mail using a PHP method.  Also, don’t use this form as a normal contact form as it has no security built in.

NOTE:  First in some cases the client will receive an e-mail that looks spoofed.  In this case you can make an e-mail look like it has been sent from someone other than you.  Second, in some cases the client will receive an e-mail from your server.  In either case DO NOT USE THIS MALICIOUSLY because….it’s very easy to be caught.  If someone were to examine the details of the e-mail in either case it would show your server and you would be traceable.

<code>

<!— sampleSpamForm.php

Note:  All of this code should be placed on a single page.  If you look below you will see that the form will post to itself, after the post if the email field is set then it will send the email.  If not then it will display the form.

—>

<?php
if (isset($_REQUEST['email']))
//if “email” is filled out, send email
{
//send email
$to = “email to send to”;
$from = “email you want the email to appear to be sent from”;
$name = $_REQUEST['name'] ;
$email = $_REQUEST['email'] ;
$subject = $_REQUEST['subject'] ;
$message = $_REQUEST['message'] ;
$headers = “From: $from”;
$body = “$message $name”;
mail($to,$subject,$body,$headers);
echo “Thank you $name for using the spam form.”;
}
else
//if “email” is not filled out, display the form
{
echo “<form method=’post’ action=’spam.php’>
Name: <input name=’name’ type=’text’>
<br>
Email: <input name=’email’ type=’text’>
<br>
Subject: <input name=’subject’ type=’text’>
<br>
Message:
<br>
<textarea name=’message’ rows=’15′ cols=’40′> </textarea>
<br>
<input type=’submit’ />
</form>”;
}
?>

</code>

Share|
Author:
  • http://N/A gilsal

    Hey, saw this blog and figured I’d toss this in your direction incase anyone ever needs to place simple security on their php scripts. Latest version of php, if I am not mistaken have some built in functions to counter sql injection for “froce brute” hacking. As for added security this snippet will remove all lines that resemble code or tags.

    strip_tags($_POST['name']);

    This is easy way of dis allowing users to be able to create formatting code or sql injections, but what if you should want the user to be able to implement formatting as this.

    Hello all,

    Small Town Geeks is a great tech/blog site!

    - Gil

    Then you will need this in your code. $message = nl2br(strip_tags($_POST['message']));

    The nl2br keeps the formatting and replaces them with html tags. Again strip_tags is still used to prevent hard code and sql injection.

    Both these methods add just a little more user support and security. Of course like always never one way to implement security.

    Side note if you do intend to make a spam email as to harass friends and coworkers (*Caution not always safe for work*) be sure to include a counter and decrement or increment depending on your setup. I seem to remember someone create this same function and forgetting to add a decrementing counter and flooded one user and a mail server with 400 email in under 30 seconds.

    Anyways keep up the great work!

Slider by webdesign