Contact Form Processing Products - for all your needs

FormMail • Form Encryption • Hosted Forms

ATTACK_DETECTION_MANY_URLS Setting

This page documents the ATTACK_DETECTION_MANY_URLS configuration setting in FormMail.

Type Of Setting

ATTACK_DETECTION_MANY_URLS is a RECOMMENDED setting, which means...

RECOMMENDED : you *should* change this setting. FormMail will work with the default value, but you may lose functionality if you don't modify this setting for your system.

Précis

Enables the "many urls in a field" detection.

Description

Set ATTACK_DETECTION_MANY_URLS to non-zero if you want FormMail's attack detection to check for "many urls in a field" attack.

This attack became prevalent in the latter part of 2006. The spammer parses your form looking for one or more textarea fields. He then crafts a fake submission and the textarea fields include a large number of URLs (to the spammer's product pages).

In general, the submission will fail but you might get an alert message containing the annoying failed submission (depending on your other configuration settings).

Even if the submission succeeds, only your form recipients will receive the spam submission. Your server is safe with Tectite FormMail and no other email addresses will receive the spam.

This detection allows you to control how many URLs are valid for data entered into your fields. FormMail cannot distinguish between textarea and non-textarea fields (because of the way HTML forms work), but it can look for a large number of URLs in any field. You control how many URLs will trigger the attack detection and cause the submission to be ignored.

The purpose of the ATTACK_DETECTION_MANY_URLS setting is to allow you to ignore these attacks (no errors or alerts will be sent to you) and to send the user/attacker to an explanatory page.

The default of 0 disables this detection. This is the best default value because you might want valid users to enter URLs into your forms!

To emphasize: this attack detection is off by default. You need to explicitly enable it if you want to use it.

If your forms are designed to allow people to send you URLs, then you need to decide how many URLs is too many and put this value in this setting.

A value of 1 will prevent any URLs from being entered in your forms.

For a general purpose contact form with a message area, a value of 2 or 3 is probably reasonable.

Note also the similar setting ATTACK_DETECTION_MANY_URL_FIELDS. You can enable both of these attack detections together because they test for different things.

Note that FormMail only checks your form's data fields for this attack detection. Special fields are ignored because several of them are supposed to contain URLs.

Default Value

From version 9 onwards:

$ATTACK_DETECTION_MANY_URLS = 0;

Before version 9:

define("ATTACK_DETECTION_MANY_URLS",0);

Examples

From version 9 onwards:

$ATTACK_DETECTION_MANY_URLS = 2;

Before version 9:

define("ATTACK_DETECTION_MANY_URLS",2);

From version 9 onwards:

$ATTACK_DETECTION_MANY_URLS = 7;

Before version 9:

define("ATTACK_DETECTION_MANY_URLS",7);

See Also