 |
|
 |
Getting through captcha |
Post Reply 
|
Page 12> |
| Author |
 Share Topic Printable Version Google Delicious Digg StumbleUpon Windows Live Yahoo Bookmarks reddit Facebook MySpace Newsvine Furl Topic Search  Topic Options
|
freakyfred 
Groupie 
Joined: 29 March 2007 Location: United Kingdom Status: Offline Posts: 174 Points: 171 |
 Post Options
 Quote Reply
 Topic: Getting through captchaPosted: 11 October 2009 at 6:48pm |
|
Edited by freakyfred - 04 December 2009 at 2:27pm |
|
 |
|
|
freakyfred
Groupie
Joined: 29 March 2007 Location: United Kingdom Status: Offline Posts: 174 Points: 171 |
Post Options
Quote Reply
Posted: 11 October 2009 at 6:55pm |
|
I'm using this line fo code
elseIf Request("CAPTCHA_Postback") AND blnCAPTCHAcodeCorrect = False Then response.write("The Captcha code is incorrect") elseif execute email code here surely the it should trip on that before it reaches the emailing bit? |
|
|
|
|
MrTWS
Moderator Group 
Joined: 08 July 2007 Location: United Kingdom Status: Offline Posts: 964 Points: 937 |
Post Options
Quote Reply
Posted: 11 October 2009 at 7:01pm |
|
|
|
MrTWS
Moderator Group
Joined: 08 July 2007 Location: United Kingdom Status: Offline Posts: 964 Points: 937 |
Post Options
Quote Reply
Posted: 11 October 2009 at 7:02pm |
|
Also, try using Javascript on your form to help cut down on automated submissions
|
|
|
|
|
freakyfred
Groupie
Joined: 29 March 2007 Location: United Kingdom Status: Offline Posts: 174 Points: 171 |
Post Options
Quote Reply
Posted: 11 October 2009 at 8:01pm |
|
Edited by freakyfred - 04 December 2009 at 2:27pm |
|
|
|
|
WebWiz-Bruce
Admin Group 
Web Wiz Developer Joined: 03 September 2001 Location: Poole, England Status: Offline Posts: 23189 Points: 6389 |
Post Options
Quote Reply
Posted: 12 October 2009 at 11:10am |
|
Are you using CDOSYS to send the email?
If so you need to parse the data submitted. For example you can include 100's of email address separated by a semicolon in the subject line CSDOSYS will send the email to each of these email addresses. You can prevent this by parsing the data submitted for the subject line shortening the length to say 100 characters and removing any semicolons (;) Using JavaScript to validate the form, or using the size of a textbox will not work as these are both client side and can easily be changed by turning off javascript in the browser and using a browser plugin to modify the form input fields. |
|
|
|
|
freakyfred
Groupie
Joined: 29 March 2007 Location: United Kingdom Status: Offline Posts: 174 Points: 171 |
Post Options
Quote Reply
Posted: 12 October 2009 at 11:33am |
|
Edited by freakyfred - 04 December 2009 at 2:27pm |
|
|
|
|
WebWiz-Bruce
Admin Group
Web Wiz Developer Joined: 03 September 2001 Location: Poole, England Status: Offline Posts: 23189 Points: 6389 |
Post Options
Quote Reply
Posted: 12 October 2009 at 12:23pm |
|
Unless you have modified the CAPTCHA code they would only be able to submit the once before having to generate a new CAPTCHA code and entering it to be able to submit again.
It could well be that they are only submitting once to send the email 100's of times. I can see from your code that you are not parsing the user input and only using Request to get the data. This is very dangerous as the data can be submitted using either GET or POST, also you are not parsing it to remove any malicious code. The person submitting the malicious code could easily send a request to the server that contained 100's of email address. Most mail servers, if they receive a list of email addresses separated by a semicolon will send that email to ALL those email addresses in the list. You should rewrite your code to only allow submissions using POST from a form. You should then also parse the data to remove any malicious code such as semicolons from the email_to field and also any tags < and > from all the fields submitted. This is the very lease you should do to remove any malicious code as there are lots of different hacking techniques to get mail servers to relay on 1000's of emails just from a single form submission. Edited by WebWiz-Bruce - 12 October 2009 at 12:27pm |
|
|
|
|
Post Reply
|
Page 12> |
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
All prices are shown excluding VAT, which is charged where applicable. $, € prices shown as a guideline only.