Welcome to the Tectite Forums! You can download and get support for our free PHP FormMail (form processor) and other free software.
Attack_detection_many_urls
is there an easy way I can have this feature redirect to the same URL as my bad_url?
Re: Attack_detection_many_urls
Did you check this post? I have not had this problem and do not really understand why they would want to spam in this way unless the form has an auto responder. Are they just hitting a lot of forms hoping to hit an auto responder?
Re: Attack_detection_many_urls
I like the feature. I just dont want it give the spammers any special knowledge about what program I'm using to send mail. Right now if the spammer tries to submit a message with hyperlinks, they get an error message, and in the address bar of the browser, they can clearly see the URL to my formmail.php. They also see that I am using tectite formmail, because the error tells them so. I think there are possibly other formmail errors that might do this same thing, and I don't want them to do this. I want ALL errors to redirect to my bad_url "../.../error.htm".
Re: Attack_detection_many_urls
Hi,
In the next few days we'll be releasing a new version of FormMail.
We'll add a configuration that lets you specify a URL to be used when an attack detection has occurred, instead of the current minimalist page.
Russell Robinson - Author of Tectite FormMail and FormMailDecoder
http://www.tectite.com/
Re: Attack_detection_many_urls
Hi,
OK, FormMail version 7.14 has a new configuration that allows you to specify a URL to redirect to when an attack detection occurs.
In addition, the default page now has a link to this informative page: http://www.tectite.com/serverabuse.php
(Of course, this default is the opposite of what you're wanting. But, you can redirect to any page now.)
Russell Robinson - Author of Tectite FormMail and FormMailDecoder
http://www.tectite.com/
Re: Attack_detection_many_urls
Thanks for the new features. I have upgraded already today. I have another question for you, but I'll start a new thread with it.
Re: Attack_detection_many_urls
Well, I was going to start a new thread, but then I thought my question is still related to this subject, so here goes...
It seems that the attack_detection_many_urls is looking for "http://", and I'd like it to consider "<a href="" an attack as well. If a spammer leaves out the http://, then the form sends the email. Having the <a href=" designated as an attack would prohibit this.
Thanks!
Re: Attack_detection_many_urls
Hi,
It already checks both.
Russell Robinson - Author of Tectite FormMail and FormMailDecoder
http://www.tectite.com/
Re: Attack_detection_many_urls
Right now, with my setting at 1, if somebody types in:
then yes the message is detected as an attack, but if they type in:Code:<a href="http://www.somepornspammerssite.com">Some Porn Spammers Site</a>
then these links are not classified as attacks. I realize that without the markup, a person might just be trying to send over an URL they want to you check out, but the particular nature of my specific form would be that nobody would ever send a URL or link. I have client side validation for this already, but if some spammer bypasses my validation and submits the form the way they do, I was hoping my examples would generate errors, but they don't.Code:<a href="www.somepornspammerssite.com">Some Porn Spammers Site</a> or simply www.somepornspammerssite.com
Am I just being paranoid?
Re: Attack_detection_many_urls
Hi,
This should be detected as an attack. Please test again.<a href="www.somepornspammerssite.com">
This will not be detected as an attack.
If we need to, we will add this detection, but, unless your particular email client automatically interprets this as hyperlink, then the spammer is pretty much wasting their time using just the text.
Russell Robinson - Author of Tectite FormMail and FormMailDecoder
http://www.tectite.com/
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote
Bookmarks