I searched the wiki and the forums and on both is said that enabling mod_security will make your site more secure and all.
Right now I'm tweaking templates for a postcard PHP script (Im not a php coder) and I'm concerned about it being victim of bcc data injection.
With mod_security enabled, the recipient field would be striped from anything else after the email address?
With modsecurity it is possible to scan the POST or GET body for bcc:, cc:, or to: and reject any request that contains those letters. To protect aginst main injection, add the below rule to your modsecurity setup.
SecFilterSelective ARGS_VALUES "\n[[:space:]](to|bcc|cc)[[:space:]]:.*@"[/color]"
I'm also trying to figure out how to implement a CAPTCHA (freeCap) into the "preview/send" page but like I said, Im not a PHP coder and Im struggling to find out how to do it.
Save $96 dollars when you sign up! -> 96DISCOUNT