PHP: Email Sanitization code.

So the principal thought behind this is to have a function that determines weather an email address is crap or not crap based on the functions return. Return 1, your email is bad juju, return anything else your fine.

So an example of usage:

Your going to import email leads from a database and you need to check weather the email address is valid.

Query DB -> Grab $Info + $email -> sanitize($email)
-> return(1) -> Notify of Deletion -> Query(Delete($emails))
-> return(x) -> Notify of Completion -> Query(insert($info + $email))

Php Code starts here:

/* Character Omission:
!@#$%^&*()`'/\{}~ ,<>":;[] (and unicode characters like §, ™, ®, ⚛, ⚡, ö, π, and the like)

(1) ."a" is appended due to a bug in php. Found:
http://www.php.net/manual/en/function.mb-detect-encoding.php#81936 
*/

function sanitizer($email){
    $email = explode('@',$email);
    $intergity = count($email);
    if($intergity <= 2){
 $email = $email[0].$email[1];
 $email = preg_split('//', $email, -1);
 foreach($email as $char){
      if( mb_detect_encoding($char.'a', "auto") == "ASCII")
      {switch($char){ 
  case '!': { return 1; break; }
  case '?': { return 1; break; }
  case '@': { return 1; break; }
  case '#': { return 1; break; }
  case '$': { return 1; break; }
  case '&': { return 1; break; }
  case '^': { return 1; break; }
  case '>': { return 1; break; }
  case '<': { return 1; break; }
  case '&': { return 1; break; }
  case '*': { return 1; break; }
  case '(': { return 1; break; }
  case ')': { return 1; break; }
  case '`': { return 1; break; }
  case "'": { return 1; break; }
  case '/': { return 1; break; }
  case '\\': { return 1; break; }
  case ' ': { return 1; break; }
  case '{': { return 1; break; }
  case '}': { return 1; break; }
  case '~': { return 1; break; }
  case ',': { return 1; break; }
  case '"': { return 1; break; }
  case ':': { return 1; break; }
  case ';': { return 1; break; }
  case "[": { return 1; break; }
  case ']': { return 1; break; }
  default: {break;}}
     }else{return 1;}
        }
    }else{return 1;}
}

if(!sanitizer('test@test.com') == 1)
{ echo "it works"; }else{ echo "nope, crap";}
?>"

So Its Basically a few "if" statements to check logic of an email, another "if" statement combined with a encoding function then to round it out with a case statement. Obviously this is left really open for you to add your own status codes and such with the returns.

Apache ServerSignature tutorial

Sometimes webserver security comes down to not providing information to an attacker. In terms of Apache2 masking the signature can be a very critical piece. Below I will explain how to mask the signature and how to verify its masked with nmap.

Stock Apache2 install:
$>sudo nmap -PO -A -O -vvv 192.168.2.75
... Text ...
80/tcp   open  http        Apache httpd 2.2.11 ((Ubuntu) DAV/2 SVN/1.5.4 PHP/5.2.6-3ubuntu4.5 with Suhosin-Patch mod_ssl/2.2.11 OpenSSL/0.9.8g)
.... More Text ....
443/tcp  open  ssl/http    Apache httpd 2.2.11 ((Ubuntu) DAV/2 SVN/1.5.4 PHP/5.2.6-3ubuntu4.5 with Suhosin-Patch mod_ssl/2.2.11 OpenSSL/0.9.8g)                                         
.... More Text ....

We don't want to give that information to 3rd parties or even worse hackers. So we will do the following below:

$>sudo nano /etc/apache2/apache2.conf
ServerSignature Off
ServerTokens Prod
$>sudo /etc/init.d/apache2 reload

Muted Apache2 server now:

$>sudo nmap -PO -A -O -vvv 192.168.2.75
...NMAP Text ...
80/tcp   open  http        Apache httpd 
.... More Text ....
443/tcp  open  ssl/http    Apache httpd                                          
.... More Text ....

For alternative modifications I would suggest looking at:
http://httpd.apache.org/docs/2.2/mod/core.html#servertokens
http://httpd.apache.org/docs/2.2/mod/core.html#serversignature

:) Hope this provided some insite