tvspec

Good idea. I will try that. In addition, how can I also verify the refferer using $_SERVER['HTTP_REFERER'] in my script? I'm not sure how to use it.

I don't think that worked. If it had worked, would I get the echo "referring page required" when I go directly to the php-scripted page where the form is sent to? Right now, anyone who goes to that page..automatically sends a blank form.

If I use this - shouldn't that help? if(!isset($_SERVER['HTTP_REFERER']) || isempty($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] == ''): echo "Referring page required."; exit; endif; do I need to set somewhere what page is actually using it?

So how would I write that in my script?

No, the email addresses are not hidden fields in the previous page, they are in the processing script after it is submitted. How can I check the referrer page - I bet that'll fix the problem, because when I look back at pages visited - the page with the original form was not visited...

My form is created with php and is handled through php - within the past day I have received bogus information through them - up to about 30 an hour all from different IP address in Texas, New Jersey, California, and Colorado. It seems hopeless to try and block all the ip address because they change - but it seems there are only a handful of service providers, which I've notified through their abuse and tech emails. What can I do so that I can stop getting these? The info that has been submitted is similar to this (mydomain was edited from my real domain name): Here is what was submitted : Name: pmcf@**** Content-Type: multipart/mixed; boundary=\"===============0458757291==\" MIME-Version: 1.0 Subject: 1072bf53 To: pmcf@**** bcc: jrubin3546@aol.com From: pmcf@**** or here's another: Here is what was submitted : Name: hddbofuxk@**** Preferred way to be contacted: hddbofuxk@**** Email: hddbofuxk@**** Phone #: hddbofuxk@**** Comments: hddbofuxk@****

Thanks for both of your inputs. Personally, I would spend the extra money for the SSL and certificate - but I'm trying to give the person whom I'm proposing a design to - the different options. And yes, they are on a shoe string budget.

If I only enable Pay Pal on OsCommerce - that appears that it takes you to the Pay Pal website and they can then proceed to pay with or w/o a paypal account. If I give pay pal as the only option - then I shouldn't need SSL - correct?

Yeah - I've been surfing through those. A lof of them don't have demo's though and I don't want to install the entire thing 'hoping' it's what I want. I was hoping someone had some suggestions or had used some themselves.

So then, if I understand, the only real vulnerability would be the customer name, address, etc? (not the credit info)

I will be doing picture polls (voting on favorite pics) and a few other things - where the poll can be implemented directly onto an XHTML/CSS page. Does anyone have any recommendations of a free script I can use - and perhaps a demo I can view? Thanks!!

From what I understand, the site that someone wants me to do only has about 7 products on it. I'm fairly certain there won't need to be an inventory-count database behind it. What vulnerability issues could there still be? With OsCommerce, it appears to me that the only thing I would be worried about is people getting into customer info. Do you know if OsCommerce keeps credit card info?

And with the SSL certificate I shouldn't have to worry about other security vulnerabilities - correct?

I've been reading a lot of posts about shopping carts and SSL and certificates. I just want to make sure I understand this alright. The basic things you need to do e-commerce are: 1)Shopping cart/catalog system (which you can do with OsCommerce that TCH offers) 2)SSL Certificate to use in conjunction with the shopping cart/catalog system - to make the transactions secure. Basically, I'm very concerned about doing an e-commerce site for someone else, because I don't have enough experience in doing it, and I'm afraid of credit card vulnerability issues, etc. Are those the two basic things you need to do e-commerce?

I just found out about this default email account, and I have over 11,000 messages. Is there a way I can just go in and delete them all rather than deleting only 15 or 20 at a time in one of the web mail services? There has got to be a way to empty the entire box. Please advise. Thanks

So, if someone sends an email that goes to the default email box, is there a way that it can bounce the email back with a message that the email address does not exist, then completely delete the message? The way it is now, if the smpt does not accept the message, people might assume something is wrong with the server and keep trying, whereas in reality they've typed a wrong address. Is there an easy way to fix this?

My company is thinking about having our domain (www.tvspecialists.com) which is registered through Network Solution change hosting companies to an account here. What my company is concerned about - because they have been hosting in-house - is that if we change hosting companies - that we will still have full rights to the domain. (We would just change the DNS server settings to point to the hosting server here) Can you please confirm this.