Possible BUG: ATTACK_DETECTION_MANY_URLS



lexscripta
10-May-2007, 10:38 PM
I have a working form and this one


ATTACK_DETECTION_MANY_URLS

Doesn't work,

I have set it to 1 and when entering more than 2 or 3 URLs, the form happily submits form, URLs and all...

Anyone have this working at all? Maybe it's a bug.

LS

lexscripta
11-May-2007, 01:42 AM
This works


$ATTACK_DETECTION_DUPS


Why not $ATTACK_DETECTION_MANY_URLS??

LS

crabtree
11-May-2007, 06:53 AM
did u enter http://www.somesite.com or just www.somesite.com?

did u try <a href="somesite.com">?

lexscripta
11-May-2007, 11:26 AM
> did u enter http://www.somesite.com or just www.somesite.com?
>
> did u try <a href="somesite.com">?

Why not www.somesite.com? It is a perfectly valid URL...????

But, yes indeed - I did just enter www.somesite.com. So - I went back to the form and tried to enter "http://www.somesite.com" and jumpin junipers, it worked!!!!

Still, what happens if someone sticks in just www.somesite.com?

Thanks for your response...

LS

crabtree
11-May-2007, 08:22 PM
> Why not www.somesite.com? It is a perfectly valid URL...????

www.somesite.com is not a URL, it's just a string

http://www.somesite.com is a URL

russellr
11-May-2007, 08:38 PM
Hi,

I've decided to jump in on this thread and I've moved it to the Features Question Forum (http://www.tectite.com/vbforums/forumdisplay.php?f=20).

This document (http://www.tectite.com/fmdoc/attack_detection_many_urls.php) describes what URL detection is all about and why it's in there.

In summary, spammers try to send you clickable links via your forms to get you to visit their product sites.

So, our URL attack detection is designed to look for clickable links.

Crabtree is right - www.somesite.com is not a URL. You have to have "http://" or "https://" or "ftp://" or other supported "scheme" to make a URL.

In theory, only real URLs would be clickable in the email you receive.

However, several email clients, such as Outlook Express, interpret "www.somesite.com" and decide to make it a clickable link even though it's not a real URL. I think these email clients just look for "www." and decide to create a clickable link based on that.

Gmail even looks at the Top Level Domain, and will make the following clickable links: fred.tv, jack.biz, hello.info. No "www." required!

Whether these automatic interpretations are useful to the email receiver can be debated, but they are certainly useful for spammers!

So, even though it shouldn't be necessary, and is probably not desirable, we'll be enhancing FormMail shortly to allow it to detect these non-URLs.

This will mean that you'll have the option of including them in the ATTACK_DETECTION_MANY_URLS (http://www.tectite.com/vbforums/../fmdoc/attack_detection_many_urls.php) and ATTACK_DETECTION_MANY_URL_FIELDS (http://www.tectite.com/vbforums/../fmdoc/attack_detection_many_url_fields.php) attack detection features.

I hope this clarifies the situation for everyone!
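
The distinction discussed in this thread, as an added example that is not Tectite's FormMail code: it counts scheme-qualified URLs separately from the bare strings ("www." hosts, recognisable TLDs) that some mail clients turn into links. The function names, the short TLD list and the "reject when the count exceeds the limit" rule are assumptions made for illustration.

```php
<?php
// Added illustration, not Tectite FormMail code; all names are hypothetical.

// Scheme-qualified URLs: what the thread calls a real URL.
const SCHEME_URL_RE = '~\b(?:https?|ftp)://[^\s<>"\']+~i';

// Bare strings some mail clients auto-link: "www." hosts, or a host ending
// in one of a few TLDs (constructed sample list, far from exhaustive).
// The lookbehind skips e-mail addresses and the middle of longer tokens.
const BARE_HOST_RE = '~(?<![\w@./-])(?:www\.[a-z0-9-]+(?:\.[a-z0-9-]+)+'
    . '|(?:[a-z0-9-]+\.)+(?:com|net|org|info|biz|tv))\b~i';

function count_links(string $text, bool $includeBare): array
{
    $scheme = (int) preg_match_all(SCHEME_URL_RE, $text);
    // Blank out scheme URLs first so their host part is not counted twice.
    $rest = (string) preg_replace(SCHEME_URL_RE, ' ', $text);
    $bare = $includeBare ? (int) preg_match_all(BARE_HOST_RE, $rest) : 0;
    return ['scheme' => $scheme, 'bare' => $bare, 'total' => $scheme + $bare];
}

// Assumed rule: reject when the links across all fields exceed $maxAllowed.
function too_many_links(array $fields, int $maxAllowed, bool $includeBare): bool
{
    $total = 0;
    foreach ($fields as $value) {
        $total += count_links((string) $value, $includeBare)['total'];
    }
    return $total > $maxAllowed;
}

// Constructed sample submission using the strings tried in the thread.
$fields = [
    'name'    => 'LS',
    'email'   => 'ls@example.com',
    'comment' => 'see www.somesite.com and fred.tv, also http://www.somesite.com',
];

foreach ([false, true] as $includeBare) {
    $c = count_links($fields['comment'], $includeBare);
    printf(
        "includeBare=%s scheme=%d bare=%d reject=%s\n",
        var_export($includeBare, true),
        $c['scheme'],
        $c['bare'],
        var_export(too_many_links($fields, 1, $includeBare), true)
    );
}
```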