Hacking attempt through Chronoforms

sohopros 01 Apr, 2015
A weird situation happened with one of our customers last night. A form that is available on the website was filled in about 800 times, triggering emails to the customer. In some cases the fields were just empty; in other cases it appears that someone was trying to apply some SQL injection on the website. See below:

Name: Peter+Winter
Company: Winter+Consulting
Address: 
Phone: 555-555-0199
Fax: 555-555-0199@example.com',0)waitfor delay'0:0:20'--
E-mail: winter@example.com


IP: 207.170.247.206 

The actions that I took were to include a captcha in the form and update Chronoforms to the latest version. My question is: how do I prevent this from happening again?

Thank you,
SOHO Prospecting Team

GreyHead 01 Apr, 2015
Hi sohopros,

By default ChronoForms does no validation or sanitization* of the data submitted so you are open to hacking attempts. Please see this FAQ for solutions that you can add.

Bob

* The problem with adding it is that ChronoForms are used for widely different purposes and code that one site needs to block may be just what another site wants to permit.
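
One way to add the kind of server-side validation discussed above, as an added example that is not part of the original thread and is not ChronoForms' own code. It uses a per-field allow-list, so a value like the Fax entry quoted in the first post is rejected before it is e-mailed or stored. The field keys, the patterns and the function name `validate_submission` are assumptions; how the function is wired into the form (for example from a custom server-side code action) is also an assumption.

```php
<?php
// Added example: allow-list validation for the fields shown in the report.
// Field keys and patterns are assumptions; adapt them to your own form.

function validate_submission(array $data): array
{
    // One allow-list pattern per field. A value that does not match is
    // rejected outright instead of being "cleaned" and passed on.
    $rules = [
        'name'    => '/^[\p{L}\p{M} .\'-]{1,80}\z/u',
        'company' => '/^[\p{L}\p{M}\p{N} .,&\'-]{0,120}\z/u',
        'address' => '/^[\p{L}\p{M}\p{N} .,#\/\'-]{0,200}\z/u',
        'phone'   => '/^\+?[0-9 ().-]{7,20}\z/',
        'fax'     => '/^(\+?[0-9 ().-]{7,20})?\z/',   // optional field
    ];

    $errors = [];
    foreach ($rules as $field => $pattern) {
        $value = trim((string) ($data[$field] ?? ''));
        if (preg_match($pattern, $value) !== 1) {
            $errors[$field] = "Invalid value for {$field}";
        }
    }

    // E-mail addresses are checked with PHP's built-in validator.
    $email = trim((string) ($data['email'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Invalid e-mail address';
    }

    return $errors; // an empty array means the submission passed
}

// Constructed sample modelled on the submission quoted in the first post.
$sample = [
    'name'    => 'Peter Winter',
    'company' => 'Winter Consulting',
    'address' => '',
    'phone'   => '555-555-0199',
    'fax'     => "555-555-0199@example.com',0)waitfor delay'0:0:20'--",
    'email'   => 'winter@example.com',
];

// Only the fax field fails: it contains letters, quotes and other
// characters that a fax number never needs.
print_r(validate_submission($sample));
```

Validation of this kind limits what reaches the mailer and the database; any code that writes form data to a database should still use bound parameters rather than building SQL strings from the submitted values.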