Results 1 to 5 of 5

Thread: Question about a FormMail error

  1. #1
    Join Date
    Aug 2007
    Posts
    78

    Default Question about a FormMail error

    I'm running FormMail 8.28 on this particular site and today I received some error messages from FormMail regarding a failed attempt to process a form. Clearly, a spammer is at work but I'm puzzled as to how this particular error would have been generated.

    Here is the notification I received from FormMail:

    To: tomdkat
    From: FormMail

    The following error occurred in FormMail :
    Some mail_options settings are undefined :
    You don’t have enough reviews to be found on the internet

    email:
    realname:

    SERVER_NAME was mysite.com
    REQUEST_URI was /form/formmail.php

    User IP address was aaa.bbb.ccc.ddd
    User agent was Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)
    My question: how could the "You don't have" message be injected so FormMail thinks it's a mail_options setting?

    Thanks!

    Peace...
    Last edited by tomdkat; 12-Aug-2011 at 02:43 PM.

  2. #2
    Join Date
    Jul 2011
    Posts
    45

    Default Re: Question about a FormMail error

    It's possible to change the hidden fields of a form - there's a plugin option for Firefox that will do it. I won't name it here, but I suspect at least half the developers here have it installed. Some aspects of it are extremely useful to a developer. That is probably how they managed it. It can also be used by the unscrupulous to change the price of something being ordered online before checking out a shopping cart, which is why it's vitally important to check the price paid against the list price before dispatching goods!

    Compare these two images:-

    www.myksoftware.com/images/Image1.jpg shows the page as it should be viewed.

    www.myksoftware.com/images/Image2.jpg shows the page with hidden form fields including the price showing (and editable!)
    Last edited by Ben; 11-Oct-2011 at 01:11 PM.

  3. #3
    Join Date
    Aug 2007
    Posts
    78

    Default Re: Question about a FormMail error

    Scary! Thanks for the info!

    Peace...

  4. #4
    Join Date
    Jul 2011
    Posts
    45

    Default Re: Question about a FormMail error

    YW!

    Non-secure coding can be very, very dangerous. With some simple forms, even written in php or other server-side coding, you can download the resultant html to a local file, change one or two details and then run it locally. If it accesses all its links using absolute rather than relative urls, those links are then in danger since html looking for, say, http://www.mysite.com/downloads/thefile.zip can be access from a locally-run html file, whereas one which links to /downloads/thefile.zip can't - it'd just go off looking for something like file:///C:/download/thefile.zip. Yes, yes, I know you can simply look at that and go to the original site - it's just an example for simplicity's sake.

    Those pics I posted are from a website that uses a shopping cart that double-back-checks prices and descriptions so if someone were to go in and change the price they'd find that it took their money off them and then refused to give them the download link. Heh heh heh!!! - oh - unless, that is, they changed the price to a higher value! I haven't yet met anyone quite THAT stupid...

    So I'm very, very grateful for the facilities provided by the Tectite script - Captcha, while far from 100% perfect, will stop a lot of spammers dead in their tracks as a good one is impossible to break by most engines in the time available except by using a human to look at it and sell you the answer.
    Last edited by Ben; 11-Oct-2011 at 04:50 PM.

  5. #5
    Join Date
    Aug 2007
    Posts
    78

    Default Re: Question about a FormMail error

    That's also good information to have. We do use the CAPTCHA and I'm surprised at how effective it actually is!

    Thanks again for your help!

    Peace...

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. question about formmail
    By StillLearning11 in forum Community Support
    Replies: 1
    Last Post: 04-Feb-2011, 12:44 PM
  2. FormMail to database question
    By Drachsi in forum HOWTO Guides and Tips
    Replies: 1
    Last Post: 14-Jul-2010, 10:05 PM
  3. Question about upgrade to FormMail 8.11
    By tomdkat in forum Community Support
    Replies: 4
    Last Post: 31-Dec-2008, 05:29 PM
  4. Question about FormMail 8.05
    By tomdkat in forum Community Support
    Replies: 2
    Last Post: 05-May-2008, 03:25 PM
  5. FormMail Error Question...
    By bdaane in forum Community Support
    Replies: 2
    Last Post: 22-Jan-2007, 05:44 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •