A weird situation happened with one of our customers last night. A form that is available on the website was filled in about 800 times, triggering emails to the customer. In some cases the fields were just empty; in other cases it appears that someone was trying to apply some SQL injection on the website. See below:
Name: Peter+Winter
Company: Winter+Consulting
Address:
Phone: 555-555-0199
Fax: 555-555-0199@example.com',0)waitfor delay'0:0:20'--
E-mail: winter@example.com
IP: 207.170.247.206
The actions that I took were to include a captcha in the form and update ChronoForms to the latest version. My question is: How do I prevent this from happening again?
Thank you,
SOHO Prospecting Team
Hi sohopros,
By default ChronoForms does no validation or sanitization* of the data submitted so you are open to hacking attempts. Please see this FAQ for solutions that you can add.
Bob
* The problem with adding it is that ChronoForms are used for widely different purposes and code that one site needs to block may be just what another site wants to permit.
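An added example, not part of the original thread and not ChronoForms code: server-side allow-list validation in plain PHP for the fields seen in the submission quoted above. The field keys and the `validate_submission` helper are assumptions for illustration; how the check is hooked into a ChronoForms form is not shown.

```php
<?php
// Added example. Field keys are assumed from the labels in the quoted submission.
// Validation narrows what reaches the mailer or database; any SQL built from
// these values should still use parameterized queries.
const FIELD_RULES = [
    // key => [required, max length in bytes, allow-list pattern or null]
    'name'    => [true,  100, '/^[\p{L}\p{M} .\'-]+$/u'],
    'company' => [false, 100, '/^[\p{L}\p{M}\p{N} .,&\'-]+$/u'],
    'address' => [false, 200, '/^[\p{L}\p{M}\p{N} .,#\/\'-]+$/u'],
    'phone'   => [true,   25, '/^\+?[0-9 ().-]{7,25}$/'],
    'fax'     => [false,  25, '/^\+?[0-9 ().-]{7,25}$/'],
    'email'   => [true,  254, null], // checked with filter_var below
];

function validate_submission(array $post): array
{
    $errors = [];
    foreach (FIELD_RULES as $key => [$required, $maxLen, $pattern]) {
        $raw = $post[$key] ?? '';
        if (!is_string($raw)) {          // reject array input such as fax[]=x
            $errors[$key] = 'not a string';
            continue;
        }
        $value = trim($raw);
        if ($value === '') {             // empty is only an error when required
            if ($required) {
                $errors[$key] = 'required';
            }
            continue;
        }
        if (strlen($value) > $maxLen) {
            $errors[$key] = 'too long';
        } elseif ($pattern !== null && preg_match($pattern, $value) !== 1) {
            $errors[$key] = 'unexpected characters';
        } elseif ($key === 'email'
            && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[$key] = 'invalid e-mail';
        }
    }
    return $errors; // an empty array means the submission may be processed
}

// Constructed input mirroring the submission quoted in the post.
$sample = [
    'name' => 'Peter Winter', 'company' => 'Winter Consulting', 'address' => '',
    'phone' => '555-555-0199',
    'fax' => "555-555-0199@example.com',0)waitfor delay'0:0:20'--",
    'email' => 'winter@example.com',
];
print_r(validate_submission($sample));
```

Only the `fax` key comes back with an error for this input, and a submission with every field empty is rejected on the required fields before any e-mail is sent.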