Attack detection seems not to work?

[Brake6]

Hello
I'm using the latest version. And I have set "ENABLE_ATTACK_DETECTION" to true.

In a form with five fields I fill in my e-mail in every field – but the form passed without any error. I also tried to fill in url's in every field ("ATTACK_DETECTION_MANY_URLS",1). Passed too.

I must be missing some setting??

I have also added my fields name to "ATTACK_DETECTION_DUPS"

Anyone know how to get this working?

Regards, Magnus

[jzieba]

Are you actually getting the form submission and not an alert e-mail? are you being directed to the attack detection page?

What is your form's url?

[Brake6]

Hi

Yes, the form is submitted to the right e-mail.

Here are the form: http://www.kattliv.com/tavling.php?tavling=hemma

Regards, Magnus

[jzieba]

If I put any any urls in your form then I get the attack detection url as I should. I used www.msn.com. So, this seems to be working.

I tried putting in test@test.com in all of the fields and it when thru.

What is your setting for ATTACK_DETECTION_DUPS?

[Brake6]

Aahh.
I tried with a .se url, and that went through. com does not

(Added .se to the URL pattern - sorry for being so sloppy).

Here are my settings for DUPS:
ATTACK_DETECTION_DUPS = array("realname","namn","adress","country","zip",
"telefon","postcode","state","e-post");


Regards, Magnus

[jzieba]

Check your field names in the DUPS setting. Keep in mind that they are case sensitive.

On your form you have Namn, Adress, postadress, Telefon, and e-post.

The only one that exactly matches your DUPS setting is e-post.

That should fix the problem.

[Brake6]

Great!
Thanks for your help

-- magnus

[crabtree]

btw, "e-post" is not a good field name for PHP/FormMail

i think it's valid HTML, but can cause problems with some PHP and FM functions

u should rename it to "e_post" - replace hyphen with underscore

[Brake6]

Okay, I will tell the person who do the writing and updating on the site.

Thanks for the tip

-- magnus