Hacking attempt through Chronoforms

sohopros 01 Apr, 2015
A weird situation happened with one of our customers last night. A form that is available on the website was filled in about 800 times, triggering emails to the customer. In some cases the fields were just empty; in other cases it appears that someone was trying to apply some SQL injection on the website. See below:

Name: Peter+Winter
Company: Winter+Consulting
Address: 
Phone: 555-555-0199
Fax: 555-555-0199@example.com',0)waitfor delay'0:0:20'--
E-mail: winter@example.com

IP: 207.170.247.206

The actions that I took were to include a captcha in the form and to update ChronoForms to the latest version. My question is: How do I prevent this from happening again?

Thank you,
SOHO Prospecting Team
GreyHead 01 Apr, 2015
Hi sohopros,

By default ChronoForms does no validation or sanitization* of the data submitted, so you are open to hacking attempts. Please see this FAQ for solutions that you can add.

Bob

* The problem with adding it is that ChronoForms are used for widely different purposes and code that one site needs to block may be just what another site wants to permit.
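The submission quoted above is a classic blind SQL injection probe (a quote to break out of a string, `,0)` to close a parameter list, `waitfor delay` to measure a time difference, `--` to comment out the rest). Server-side allowlist validation per field, which is what the FAQ-style fixes Bob refers to amount to, rejects it regardless of whether the form's data ever reaches a database, and a per-IP flood check catches the other symptom of the night (800 submissions). The Python below is an added example written for this thread, not ChronoForms code and not a Joomla plugin; the field names are taken from the post, the patterns are illustrative and should be adapted to each form, and the flood-check events are constructed.

```python
import re
from collections import defaultdict

# Allowlist rules per form field. Assumption: these are the fields shown in the
# thread; the patterns are examples to adapt, not ChronoForms settings.
FIELD_RULES = {
    "Name":    re.compile(r"[A-Za-z][A-Za-z .'\-]{0,79}"),
    "Company": re.compile(r"[A-Za-z0-9][A-Za-z0-9 .,&'\-]{0,99}"),
    "Address": re.compile(r"[A-Za-z0-9 .,#/\-]{0,200}"),
    "Phone":   re.compile(r"\+?[0-9][0-9 .\-()]{5,24}"),
    "Fax":     re.compile(r"\+?[0-9][0-9 .\-()]{5,24}"),
    "E-mail":  re.compile(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}"),
}
REQUIRED = ("Name", "E-mail")

# Fragments that mark a deliberate probe rather than a typo: SQL comment markers,
# quote-then-delimiter sequences, and the time-delay functions used in blind tests.
# Used only to tag rejected submissions for logging; the allowlist does the rejecting.
PROBE_MARKERS = re.compile(
    r"(waitfor\s+delay|sleep\s*\(|benchmark\s*\(|pg_sleep\s*\(|'\s*[,)]|--\s*$|/\*)",
    re.IGNORECASE,
)


def validate_submission(fields):
    """Validate one submission dict; returns (accepted, problems, probe_detected)."""
    problems = []
    probe = False
    for name in REQUIRED:
        if not fields.get(name, "").strip():
            problems.append(f"{name}: required")
    for name, rule in FIELD_RULES.items():
        value = fields.get(name, "")
        if value and not rule.fullmatch(value):
            problems.append(f"{name}: unexpected characters")
            if PROBE_MARKERS.search(value):
                probe = True
    return (not problems, problems, probe)


def flood_sources(events, limit, window_seconds):
    """Return the set of IPs that sent more than `limit` submissions within any
    `window_seconds` span. `events` is an iterable of (unix_timestamp, ip)."""
    by_ip = defaultdict(list)
    for ts, ip in events:
        by_ip[ip].append(ts)
    flagged = set()
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window_seconds:
                start += 1
            if end - start + 1 > limit:
                flagged.add(ip)
                break
    return flagged


# The probe transcribed from the post (values as they arrived, '+' left undecoded).
SAMPLE_PROBE = {
    "Name": "Peter+Winter",
    "Company": "Winter+Consulting",
    "Address": "",
    "Phone": "555-555-0199",
    "Fax": "555-555-0199@example.com',0)waitfor delay'0:0:20'--",
    "E-mail": "winter@example.com",
}

# Constructed events: one source floods, one source behaves normally.
SAMPLE_EVENTS = [(t, "203.0.113.7") for t in range(10)] + [(0, "198.51.100.3"), (30, "198.51.100.3")]

if __name__ == "__main__":
    print(validate_submission(SAMPLE_PROBE))
    print(flood_sources(SAMPLE_EVENTS, limit=5, window_seconds=60))
```

The submission from the thread is rejected on three fields and tagged as a probe, so it can be logged with its source address instead of being emailed to the customer; a well-formed submission passes untouched. The point of the allowlist is that it needs no knowledge of SQL at all, which is also why it does not suffer from the per-site ambiguity Bob's footnote describes: each site decides what its own Phone or Fax field may contain.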