+ Reply to Thread
Results 1 to 6 of 6

Thread: Possible BUG: ATTACK_DETECTION_MANY_URLS

  1. #1
    Join Date
    May 2007
    Posts
    18

    Default Possible BUG: ATTACK_DETECTION_MANY_URLS

    I have a working form and this one

    Code:
    ATTACK_DETECTION_MANY_URLS
    Doesn't work,

    I have set it to 1 and when entering more that 2 or 3 URLS, the form happily submits form, urls and all...

    Anyone have this working at all? Maybe its a bug.

    LS

  2. #2
    Join Date
    May 2007
    Posts
    18

    Default Re: Possible BUG: ATTACK_DETECTION_MANY_URLS

    This works

    Code:
    $ATTACK_DETECTION_DUPS

    Why not $ATTACK_DETECTION_MANY_URLS??

    LS

  3. #3
    Join Date
    Mar 2004
    Posts
    2,224

    Default Re: Possible BUG: ATTACK_DETECTION_MANY_URLS

    did u enter http://www.somesite.com or just www.somesite.com?

    did u try <a href="somesite.com">?

  4. #4
    Join Date
    May 2007
    Posts
    18

    Default Re: Possible BUG: ATTACK_DETECTION_MANY_URLS

    Quote Originally Posted by crabtree
    did u enter http://www.somesite.com or just www.somesite.com?

    did u try <a href="somesite.com">?
    Why not www.somesite.com? It is a perfectly valid URL...????

    But, yes indeed - I did just enter www.somesite.com So - I went back to the form and tried to enter "http://www.somesite.com" and jumpin junipers, it worked!!!!

    Still, what happens if someone sticks in just www.somesite.com?

    Thanks for your response...

    LS
    Last edited by lexscripta; 11-May-2007 at 12:32 PM.

  5. #5
    Join Date
    Mar 2004
    Posts
    2,224

    Default Re: Possible BUG: ATTACK_DETECTION_MANY_URLS

    Why not www.somesite.com? It is a perfectly valid URL...????
    www.somesite.com is not a URL, its just a string

    http://www.somesite.com is a URL

  6. #6
    Join Date
    Dec 2003
    Posts
    3,979

    Thumbs up Re: Possible BUG: ATTACK_DETECTION_MANY_URLS

    Hi,

    I'v decided to jump in on this thread and I've moved it to the Features Question Forum.

    This document describes what URL detection is all about and why it's in there.

    In summary, spammers try to send you clickable links via your forms to get you to visit their product sites.

    So, our URL attack detection is designed to look for clickable links.

    Crabtree is right - www.somesite.com is not a URL. You have to have "http://" or "https://" or "ftp://" or other supported "scheme" to make a URL.

    In theory, only real URLs would be clickable in the email you receive.

    However, several email clients, such as Outlook Express, interpret "www.somesite.com" and decide to make it a clickable link even though it's not a real URL. I think these email clients just look for "www." and decide to create a clickable link based on that.

    Gmail even looks at the Top Level Domain, and will make the following clickable links: fred.tv, jack.biz, hello.info. No "www." required!

    Whether these automatic interpretations are useful to the email receiver can be debated, but they are certainly useful for spammers!

    So, even though it shouldn't be necessary, and is probably not desirable, we'll be enhancing FormMail shortly to allow it to detect these non-URLs.

    These will mean that you'll have the option of including them in the ATTACK_DETECTION_MANY_URLS and
    ATTACK_DETECTION_MANY_URL_FIELDS attack detection features.

    I hope this clarifies the situation for everyone!
    Russell Robinson - Author of Tectite FormMail and FormMailDecoder
    http://www.tectite.com/

+ Reply to Thread

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Similar Threads

  1. Attack_detection_many_urls
    By CHMOD000 in forum Features Questions
    Replies: 10
    Last Post: 04-Mar-2007, 05:00 PM
  2. Attack_detection_many_urls
    By CHMOD000 in forum Community Support
    Replies: 9
    Last Post: 03-Mar-2007, 09:51 PM
  3. verifyimg.php bug?
    By jakobkramer in forum Community Support
    Replies: 2
    Last Post: 23-Nov-2006, 11:47 AM
  4. sampleautorespform.htm Bug
    By WyleySam in forum Bug Reports
    Replies: 1
    Last Post: 18-May-2006, 11:25 PM
  5. multiform/csv bug?
    By onno in forum FormMail Subscription Support
    Replies: 1
    Last Post: 06-Jul-2005, 09:44 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts