v8.28 attack detection not working

[HolidayMum]

Hi

Today, I upgraded from v8.24 to v8.28 using the wizard and have noticed that the Attack Detection setting is no longer working. Previously I know it had worked under 8.24 as I had a few emailers saying they couldn't sumbit the forms with 5 consecutive consonants, so I increased the allowance to 5 and then they could submit the form. Today I received a form submission below with 6 consonants in a row and it got through formmail's security. Below is a copy of my attack detection settings in formmail and also the output from the form.

Are you going to put in a fix for this?

Thanks

/* Help: http://www.tectite.com/fmdoc/attack_detection_junk.php */
define("ATTACK_DETECTION_JUNK",true);
define("ATTACK_DETECTION_JUNK_CONSONANTS","bcdfghjklmnpqrstvwxz");
define("ATTACK_DETECTION_JUNK_VOWELS","aeiouy");
define("ATTACK_DETECTION_JUNK_CONSEC_CONSONANTS",5);
define("ATTACK_DETECTION_JUNK_CONSEC_VOWELS",4);
define("ATTACK_DETECTION_JUNK_TRIGGER",1);
$ATTACK_DETECTION_JUNK_LANG_STRIP = array(

email: djjfj@ghffjd.co.uk
FullName: claire
telephone: 0987654
Number_of_Adults: 7
Number_of_Children: 3
Day: 5
Month: Aug
year: 2011
Number_of_Nights: 7
questions:
Submit: Submit

[russellr]

Hi,

Please email the copy of FormMail you upgrade (the old version) to supportstaff AT tectite DOT com.

We'll investigate and post back.

[HolidayMum]

That's all done. Thanks

[russellr]

Hi,

Thanks.

I grabbed the old version you sent me and upgraded it.

The result was correct - your settings were transferred across.

So, no fault found there.

Looking at the example email you posted above, the only junk is in the email address.

The junk detector cannot be used on email addresses or other "technical" fields because technical items such as email addresses, URLs, scientific words, Welsh words, etc. are not normal English.

It's quite normal for a domain name or email address to have unusual English, so if we applied the junk detector against email addresses, real valid address would get rejected.

So, there's nothing wrong there either.

I hope that makes sense.

[HolidayMum]

Hi there

What is so odd that under v8.24 we had exactly that problem - we couldn't input the emails of some of our genuine enquirers - formmail was detecting it as spam. Presumably then you have put a fix in then from that version?

Thanks
Lucilla

[russellr]

Hi,

No., there's been no change in the Junk Detector between version 8.24 and 8.28.

But, you made this setting in your original FormMail:

PHP Code:

$ATTACK_DETECTION_JUNK_IGNORE_FIELDS = array("EmailAddr"); 


which tells FormMail to not use the Junk Detector on your EmailAddr field (which is a good idea).

You probably did this in the Wizard's Anti Spam Configuration area.

This setting has been transferred across during your upgrade to version 8.28 and so it works exactly the same.

[HolidayMum]

That explains it then, thanks