I see.. Sorry about that... The form is still very exposed to other exploits other than this problem...
Submit Your Article
Forum Rules
I see.. Sorry about that... The form is still very exposed to other exploits other than this problem...
Web Designer and Custom Spider Creator
eCommerce and shopping cart information
Originally Posted by shannonlp
The originator of this thread seems to be satisfied with the host's statement that there is no problem with the script.
You might consider sending a private message to Deb, so as to make sure that it comes to her attention, by using the link at http://www.webproworld.com/web-progr...xploited.html# , detailing your findings.
Just because her present problem is not owing to such vulnerabilty, does not mean that such will never be the case.
Deb,
A couple of things we can recommend without giving away too many tricks.
You can add The Official CAPTCHA Siteimage verification and it will help a bit, per the other posts.
You should ensure your host has mod_security enabled with BCC and other form attack rules in their list.
You should set bounced email to fail [in case you have a default email address setup, change it to fail]. Ask your host if they are "verifying existance of mail senders". this is recommended.
Rename your form to something other than "contact" or "form" and more importantly rename your processing script to something completely different. [We believe bots are actually looking for words "form" etc].
Even if you are not experiencing these attacks from your form, what ever is causing these issues should be addressed with your web host in more depth. They can review logs to see why/how this is happenening and should be able to offer the best advice depending on what security scripts and policies they have in place.
Regards.
cPages - Desist from posting please - I know what you are attempting and I have removed your sig.
Posting Permissions
Reply With Quote