Reply With QuoteThis works
Code:$ATTACK_DETECTION_DUPS
Why not $ATTACK_DETECTION_MANY_URLS??
LS
Welcome to the Tectite Forums! You can download and get support for our free PHP FormMail (form processor) and other free software.
Welcome to the Tectite Forums! You can download and get support for our free PHP FormMail (form processor) and other free software.
Active Member
Possible BUG: ATTACK_DETECTION_MANY_URLS
I have a working form and this one
Doesn't work,Code:ATTACK_DETECTION_MANY_URLS
I have set it to 1 and when entering more that 2 or 3 URLS, the form happily submits form, urls and all...
Anyone have this working at all? Maybe its a bug.
LS
Active Member
Re: Possible BUG: ATTACK_DETECTION_MANY_URLS
This works
Code:$ATTACK_DETECTION_DUPS
Why not $ATTACK_DETECTION_MANY_URLS??
LS
Valuable Member
Re: Possible BUG: ATTACK_DETECTION_MANY_URLS
did u enter http://www.somesite.com or just www.somesite.com?
did u try <a href="somesite.com">?
Active Member
Re: Possible BUG: ATTACK_DETECTION_MANY_URLS
Why not www.somesite.com? It is a perfectly valid URL...????Originally Posted by crabtree
But, yes indeed - I did just enter www.somesite.com So - I went back to the form and tried to enter "http://www.somesite.com" and jumpin junipers, it worked!!!!
Still, what happens if someone sticks in just www.somesite.com?
Thanks for your response...
LS
Last edited by lexscripta; 11-May-2007 at 11:32 AM.
Valuable Member
Re: Possible BUG: ATTACK_DETECTION_MANY_URLS
www.somesite.com is not a URL, its just a stringWhy not www.somesite.com? It is a perfectly valid URL...????
http://www.somesite.com is a URL
Tectite and FormMail Author
Re: Possible BUG: ATTACK_DETECTION_MANY_URLS
Hi,
I'v decided to jump in on this thread and I've moved it to the Features Question Forum.
This document describes what URL detection is all about and why it's in there.
In summary, spammers try to send you clickable links via your forms to get you to visit their product sites.
So, our URL attack detection is designed to look for clickable links.
Crabtree is right - www.somesite.com is not a URL. You have to have "http://" or "https://" or "ftp://" or other supported "scheme" to make a URL.
In theory, only real URLs would be clickable in the email you receive.
However, several email clients, such as Outlook Express, interpret "www.somesite.com" and decide to make it a clickable link even though it's not a real URL. I think these email clients just look for "www." and decide to create a clickable link based on that.
Gmail even looks at the Top Level Domain, and will make the following clickable links: fred.tv, jack.biz, hello.info. No "www." required!
Whether these automatic interpretations are useful to the email receiver can be debated, but they are certainly useful for spammers!
So, even though it shouldn't be necessary, and is probably not desirable, we'll be enhancing FormMail shortly to allow it to detect these non-URLs.
These will mean that you'll have the option of including them in the ATTACK_DETECTION_MANY_URLS and
ATTACK_DETECTION_MANY_URL_FIELDS attack detection features.
I hope this clarifies the situation for everyone!
Russell Robinson - Author of Tectite FormMail and FormMailDecoder
http://www.tectite.com/
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Bookmarks