Contact Form Processing Products - for all your needs

FormMail • Form Encryption • Hosted Forms

ATTACK_DETECTION_IGNORE_ERRORS Setting

This page documents the ATTACK_DETECTION_IGNORE_ERRORS configuration setting in FormMail.

Type Of Setting

ATTACK_DETECTION_IGNORE_ERRORS is an OPTIONAL setting, which means...

OPTIONAL : you can change this setting if you need to, but the default value is fine for most circumstances.

Précis

Controls whether to ignore certain errors that can be caused by attacks.

Description

Set ATTACK_DETECTION_IGNORE_ERRORS to true if you want FormMail to treat certain errors (e.g. no recipients field) as a spam attack.

Spammers sometimes try to send you spam via FormMail by assuming that FormMail will send you an alert if they don't fill some fields correctly.

For data fields, you can ignore these errors by setting ALERT_ON_USER_ERROR to false.

For other errors, however, set ATTACK_DETECTION_IGNORE_ERRORS to true.

NOTE: do not enable ATTACK_DETECTION_IGNORE_ERRORS until you've thoroughly tested your forms. The only way FormMail can tell you about faults in your forms is with alerts.

When you set ATTACK_DETECTION_IGNORE_ERRORS to true, you won't get some important alerts any more, so errors may be very hard to figure out.

NOTE: that this setting is different from the other attack detections in that the user is not redirected to an abuse message page. This setting purely prevents normal alerts being sent to you for certain types of errors.

Default Value

From version 9 onwards:

$ATTACK_DETECTION_IGNORE_ERRORS = false;

Before version 9:

define("ATTACK_DETECTION_IGNORE_ERRORS",false);

Examples

From version 9 onwards:

$ATTACK_DETECTION_IGNORE_ERRORS = true;

Before version 9:

define("ATTACK_DETECTION_IGNORE_ERRORS",true);

See Also