Help finding a PHP programmer
January 1, 2006 10:18 PM

How does one go about finding a reliable, experienced PHP programmer for the odd small job? (more inside)

Currently, we have several scripts that are apparently being used maliciously by spammers and would like to hire a good PHP programmer to look at the scripts and add whatever is necessary to block them from being used maliciously.

Searching Google and even sites like guru.com is like trying to find a needle in a haystack when there's no way of even knowing what the needle looks like - it's easy to say you are qualified to do this sort of thing and even to conjure up some references, but how do you know that someone is legit and really knows how to handle something like this? Is this something simple that any good php programmer would know how to do? If so, where do you find a good php programmer for a small, quick job like this?
posted by shawnmk to Computers & Internet (10 answers total)
 
Exactly how are the scripts being used maliciously? Are they just web forms that are being used by an automated form bot, or is it something more complex than that?
posted by charmston at 10:21 PM on January 1, 2006


Response by poster: We're not entirely sure how the scripts are being used maliciously - according to our webhost there are several thousand per day going through, so my guess is that it's an automated form bot and nothing too complicated. We've implemented a few things that various php sites have recommended, but without knowing a ton about php, the only way we have of knowing whether they'll be effective or not is if we get another email from our host about it. We'd like to find someone who is knowledgeable enough to look at the scripts/forms and make sure that the best methods (best practices) are in place for preventing this from happening.
posted by shawnmk at 10:30 PM on January 1, 2006


I'd be willing to take a look at it; I'm pretty well-versed in internet security and know my way around PHP. At one point in time I developed an open-source example script regarding form security; I'll see if I can dig it up from the archives. Shoot me an e-mail if you'd be interested.
posted by charmston at 10:51 PM on January 1, 2006


It seems unlikely that spammers would go to the trouble of cooking up a system to exploit scripts that only exist on your site, so would I be right to assume you're using some sort of third-party product? In that case, you might want to check for updates first, in case the security holes that are plaguing you right now have been fixed by the developer.
posted by Goblindegook at 12:41 AM on January 2, 2006


Of course, it could be simply a case of feeding a form and hoping for something to break, like charmston said, so form validation is crucial and could solve your problem. Hard to tell without knowing the exact nature of the attacks, really.
posted by Goblindegook at 12:46 AM on January 2, 2006


Response by poster: It's not a third-party product, per se; rather, it is the php mail() function that drives the form(s). There are ways of helping to prevent forms that use the mail() function from being vulnerable.

I think the point of the question (and indeed the question itself) is being missed. I'd like to find an experienced php programmer that will work on projects (such as this one) on an hourly basis. What I've been told by other programmers (not experts at php) is that this should be a quick, easy job for someone who knows what they're doing; the problem is finding someone.

I certainly appreciate the offers of help and suggestions, and I may very well contact charmston if I need to, but at this point, I'm still hoping to find a php programmer available periodically for jobs like this. I know there are plenty of graphic designers (my field) who can be recommended for quick easy tasks, so I'm hoping the same is the case for php programmers.

I do appreciate the offers of help and the questions - don't get me wrong - that's just not quite what I'm looking for at this point.
posted by shawnmk at 1:53 AM on January 2, 2006


One great place to look is your local php users group. They all have mailing lists and whatnot you can post to. Theoretically, craigslist should be pretty good as well.
posted by ph00dz at 5:36 AM on January 2, 2006


It's probably mail header injection, which is easy to prevent. You just check for newlines in the form input. There are a lot of bots that use mail header injection to send spam.

http://securephp.damonkohler.com/index.php/Email_Injection
posted by mboedick at 8:14 AM on January 2, 2006
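
The newline check described in the comment above, sketched for a form driven by PHP's mail() (an added example, not part of the original thread or the linked page). The field names `email`, `subject` and `message`, the function names, and the example.com addresses are assumptions.

```php
<?php
// Added example: field names and addresses are hypothetical.

// A value that ends up in a mail header must never contain CR or LF,
// because each line break starts a new header line.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns the arguments for mail(), or null if the submission is rejected.
function build_safe_mail(array $form): ?array
{
    $email   = trim((string)($form['email'] ?? ''));
    $subject = trim((string)($form['subject'] ?? ''));
    $message = (string)($form['message'] ?? ''); // body may keep its newlines

    foreach ([$email, $subject] as $field) {
        if ($field === '' || has_header_break($field)) {
            return null;
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }

    return [
        'to'      => 'webmaster@example.com', // fixed, never taken from the form
        'subject' => $subject,
        'body'    => $message,
        'headers' => "From: forms@example.com\r\nReply-To: $email",
    ];
}

// Constructed sample submissions: one ordinary, one with a line break
// smuggled into the address field.
$samples = [
    ['email' => 'alice@example.com', 'subject' => 'Quote request', 'message' => "Hi,\nplease call."],
    ['email' => "alice@example.com\r\nBcc: list@example.net", 'subject' => 'Hi', 'message' => 'x'],
];
foreach ($samples as $form) {
    $mail = build_safe_mail($form);
    if ($mail === null) {
        echo "rejected\n"; // log and drop; do not call mail()
        continue;
    }
    echo "accepted: {$mail['subject']}\n";
    // mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
}
```

Logging the rejected submissions with their source address also gives the site owner a count of bot attempts to compare against the host's numbers.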


Have you tried Craigslist yet? I was able to find a reliable web designer for a small project there, and I have heard that it's great for PHP stuff too.

Yes, you might have to weed through a few "let us outsource all your development to India" responses, but if you put "Local candidates only" in the ad, you might have better luck.

It's free (the gigs section, anyway) and usually worth a shot.
posted by drstein at 11:14 AM on January 2, 2006


You could hire me. :) Well, seriously, I'd be willing to look at the code. I apparently code PHP for a living.
posted by thanotopsis at 1:16 PM on January 2, 2006

