View Full Version : Attack_detection_many_urls
25-Feb-2007, 04:54 PM
is there an easy way I can have this feature redirect to the same URL as my bad_url?
25-Feb-2007, 05:48 PM
Did you check this (http://www.tectite.com/vbforums/showthread.php?t=1468&highlight=url) post? I have not had this problem and do not really understand why they would want to spam in this way unless the form has an auto responder. Are they just hitting a lot of forms hoping to hit an auto responder?
25-Feb-2007, 07:05 PM
I like the feature. I just dont want it give the spammers any special knowledge about what program I'm using to send mail. Right now if the spammer tries to submit a message with hyperlinks, they get an error message, and in the address bar of the browser, they can clearly see the URL to my formmail.php. They also see that I am using tectite formmail, because the error tells them so. I think there are possibly other formmail errors that might do this same thing, and I don't want them to do this. I want ALL errors to redirect to my bad_url "../.../error.htm".
25-Feb-2007, 10:05 PM
In the next few days we'll be releasing a new version of FormMail.
We'll add a configuration that lets you specify a URL to be used when an attack detection has occurred, instead of the current minimalist page.
02-Mar-2007, 11:57 AM
OK, FormMail version 7.14 has a new configuration that allows you to specify a URL to redirect to when an attack detection occurs.
In addition, the default page now has a link to this informative page: http://www.tectite.com/serverabuse.php
(Of course, this default is the opposite of what you're wanting. But, you can redirect to any page now.)
03-Mar-2007, 07:17 AM
Thanks for the new features. I have upgraded already today. I have another question for you, but I'll start a new thread with it.
03-Mar-2007, 08:58 AM
Well, I was going to start a new thread, but then I thought my question is still related to this subject, so here goes...
It seems that the attack_detection_many_urls is looking for "http://", and I'd like it to consider "<a href="" an attack as well. If a spammer leaves out the http://, then the form sends the email. Having the <a href=" designated as an attack would prohibit this.
03-Mar-2007, 09:55 AM
It already checks both. :)
03-Mar-2007, 05:39 PM
Right now, with my setting at 1, if somebody types in:
<a href="http://www.somepornspammerssite.com">Some Porn Spammers Site</a> then yes the message is detected as an attack, but if they type in:
<a href="www.somepornspammerssite.com">Some Porn Spammers Site</a>
www.somepornspammerssite.com then these links are not classified as attacks. I realize that without the markup, a person might just be trying to send over an URL they want to you check out, but the particular nature of my specific form would be that nobody would ever send a URL or link. I have client side validation for this already, but if some spammer bypasses my validation and submits the form the way they do, I was hoping my examples would generate errors, but they don't.
Am I just being paranoid?
03-Mar-2007, 09:51 PM
This should be detected as an attack. Please test again.
This will not be detected as an attack.
If we need to, we will add this detection, but, unless your particular email client automatically interprets this as hyperlink, then the spammer is pretty much wasting their time using just the text.
04-Mar-2007, 05:00 PM
Yes, my email client interprets this as a hyperlink.
Powered by vBulletin® Version 4.1.4 Copyright © 2013 vBulletin Solutions, Inc. All rights reserved.