You should also consider blocking the stupid-long script at the server level. For Linux, use mod_security, and for Windows use URLScan 3. Some of those injections use common query strings that serve no legitimate purpose.
The "email to friend" function is really nothing more than an open proxy in my opinion, and I'd leave it turned off. Or at best, only enable it for users that have been members longer than "X" amount of days (as in months). That last one would probably require some if/then/else comments custom added into some files, or as a custom plugin. I use things like that to limit access to certain site features.
You could even leverage htaccess/web.config or in-file PHP to block certain /8 or /16 IP ranges, to prevent use of that file. One one of my sites, we've start to block the register.php page from China subnets, because something like 0.01% was legitimate. (An alternative contact form is available for those wrongly blocked, which allows manual account creation.)
@WEBDosser : "and a few from the US" ... and those were likely Chinese users from USA based VPS used as cheap VPN/proxy. Certain hosting subnets should also be blocked. You just have to be diligent about checking server logs, and spotting trends -- and then blocking the bad incoming traffic routes.
You can also limit mail at the mail server itself. cPanel has nice plugins from Config Server, to help with this. And then you can configure the mail server.
If you're on shared hosting -- and therefore have no real server access -- then this would be a good reason/excuse to migrate to a VPS. You simply need more control to block things as you see fit.
10-14-2012, 08:21 PM
Threaded Mode