Hacked?

guillome 07 Jul, 2015
Hello,

I am using chronoforms for my order processing. I have required fields that needs to be filled. After submit and email comes to us informing about the order.

This morning I got 5 emails as someone ordered, but all the fields were empty (although they are required). I checked the DB, no record was created.

I don't understand how a form can be submitted with empty fields when it is required, yet the DB doesn't contain anything, but the notification I received.
Is it hacked?

thanks,
Guillome
GreyHead 07 Jul, 2015
Hi Guillome,

I doubt that you have been hacked. The most likely explanation is that some web-bot scanned your site and tested the submit URLs. I'm not sure why the DB Save didn't run though.

Have you checked the IP addresses from the Emails to see what the source was?

Note that Client side validation uses JavaScript and is no protection against bots and spammers who have JavaScript turned off - you need ServerSide validation for that.

Bob
guillome 07 Jul, 2015
Thanks Bob. The emails are coming from our own servers for us admins to be notified. DBSave is strange. Now I understand why client side validation did not go through with required fields.

I have introduced just now google nocaptcha, I hope it will save spamming in the future.
GreyHead 07 Jul, 2015
Hi Guillome,

I understand that the Emails are going TO you, If you have the default IP address setting on then there will be an IP address at the end of the email body that can give a glue about what is triggering them.

Bob
guillome 07 Jul, 2015
I have disabled that option unfortunately:(
This topic is locked and no more replies can be posted.