This page documents the ATTACK_DETECTION_DUPS configuration setting in FormMail.
Type Of Setting
ATTACK_DETECTION_DUPS is an OPTIONAL setting, which means
you can change this setting if you need to, but the default
value is fine for most circumstances.
Précis
Controls the "duplicate data attack" detection.
Description
Set ATTACK_DETECTION_DUPS to the list of fields on your forms
that should not have duplicate values.
One annoying attack on HTML form scripts is to submit an email address in
every field, with the aim of getting the script to send email to
someone via your server.
Note that Tectite FormMail has always been invulnerable to this type of
attack - your server is safe with Tectite FormMail.
The purpose of the ATTACK_DETECTION_DUPS setting is to allow
you to ignore these attacks (no errors or alerts will be sent to you)
and to send the user/attacker to an explanatory page.
If you use one form on your server, just list some or all of the fields
that should never contain duplicate data. For example, a person's
name is never the same as their address or their email address.
If you use more than one form, you can list fields from each of
them or just use a common set.
FormMail ignores empty or missing fields when performing this particular
abuse detection. This means it is fine to list field names you don't actually
have on a form.
If you don't want FormMail to perform this particular attack detection,
set it to an empty array like this:
$ATTACK_DETECTION_DUPS = array();
The default value contains a list of common fields you might want FormMail to check
for duplicate data. Use this list unless you think it's valid for a user to put
the same data in any of these fields. If your fields have different
names, change the names.
Do not list checkbox, radio button, or select fields that have
simple values such as "yes", "no", "0", "1". Only list fields
that will have long and unique values.
$ATTACK_DETECTION_DUPS = array("realname","address1","address2",
"country","zip","phone",
"postcode","state","email");
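The duplicate-value check described above, sketched in PHP as an added example. It is not FormMail's own code: the helper name find_duplicate_fields, the trimmed case-insensitive comparison and the sample submissions are assumptions made for illustration.

```php
<?php
// Illustrative sketch only: not taken from FormMail's source.
// Hypothetical helper: groups the listed fields that share one value.
function find_duplicate_fields(array $submitted, array $dupFields): array
{
    $seen = array();                  // normalised value => field names
    foreach ($dupFields as $name) {
        // Missing fields are skipped, so listing a field that a
        // given form does not have is harmless.
        if (!isset($submitted[$name]) || !is_string($submitted[$name])) {
            continue;
        }
        // Assumption: values are compared trimmed and case-insensitively.
        $value = strtolower(trim($submitted[$name]));
        if ($value === '') {
            continue;                 // empty fields are skipped as well
        }
        $seen[$value][] = $name;
    }
    // Keep only values that occur in two or more of the listed fields.
    return array_filter($seen, function ($names) {
        return count($names) > 1;
    });
}

// The default list shown on this page.
$ATTACK_DETECTION_DUPS = array("realname","address1","address2",
                               "country","zip","phone",
                               "postcode","state","email");

// Constructed sample submissions (not real data).
$legit   = array("realname" => "Ann Lee", "email" => "ann@example.com",
                 "address1" => "1 High St", "country" => "AU", "phone" => "");
$stuffed = array("realname" => "someone@example.org",
                 "address1" => "someone@example.org",
                 "email"    => "Someone@example.org ");
// Short yes/no fields collide on ordinary input, which is why
// they should not be listed.
$yesno   = array("newsletter" => "yes", "terms" => "yes");

var_dump(find_duplicate_fields($legit, $ATTACK_DETECTION_DUPS));
var_dump(find_duplicate_fields($stuffed, $ATTACK_DETECTION_DUPS));
var_dump(find_duplicate_fields($yesno, array("newsletter", "terms")));
```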
See Also
ENABLE_ATTACK_DETECTION