Testing Your Forms for Hijacking Vulnerability
By Will Bontrager
2005-10-07
Is a Spammer Spider On the Loose?

Yes, it seems a spammer's spider is on the loose, trying every form it encounters. One of its trademarks is that it uses identical email addresses in all but one form field when looking for vulnerabilities, an address with the domain name where the form or the script is located. It keeps one field back to try for a vulnerability, one field at a time, and the Bcc is almost always to an AOL address where, presumably, the miscreant would be notified if the spider found a security hole.

Note to owners of Master Form V4, "No need to worry about those notices when you get them. The software is tight against this kind of probe."

To those using Master Feedback, "The software won't send you a notice of hijacking attempts. But I'm reasonably certain it, too, is tight against this kind of probe — provided you're using the latest version."

Copyright 2004 Bontrager Connection, LLC
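The probe trademark described under "Is a Spammer Spider On the Loose?" can be recognized on the receiving side before a submission reaches the mailer. The following is an added example, not code from this article or from Master Form; it assumes the held-back field carries line breaks followed by mail header lines, and the function name, header list and sample submissions are constructed for illustration.

```python
import re

# Mail header names that should never follow a line break inside a form field.
# The list is an assumption for this example, not taken from the article.
HEADER_RE = re.compile(
    r"[\r\n]\s*(bcc|cc|to|from|subject|content-type|mime-version)\s*:", re.I
)
BCC_RE = re.compile(r"[\r\n]\s*bcc\s*:\s*([^\r\n]+)", re.I)


def classify_submission(fields, site_domain):
    """Compare one decoded form submission against the probe trademark."""
    injected = sorted(n for n, v in fields.items() if HEADER_RE.search(v))
    others = {n: v.strip().lower() for n, v in fields.items() if n not in injected}
    # Trademark: every remaining field holds the same address at the site's own domain.
    same_filler = (
        len(others) > 0
        and len(set(others.values())) == 1
        and all(v.endswith("@" + site_domain.lower()) for v in others.values())
    )
    bcc = [m.strip() for n in injected for m in BCC_RE.findall(fields[n])]
    return {
        "injected_fields": injected,   # fields carrying smuggled header lines
        "bcc_targets": bcc,            # where a vulnerable script would have mailed
        "probe_pattern": len(injected) == 1 and same_filler,
        "reject": bool(injected),      # never hand such a value to the mailer
    }


# Constructed sample submissions (not captured traffic).
PROBE = {
    "name": "qzx@example.com",
    "email": "qzx@example.com\r\nContent-Type: text/plain\r\nbcc: collector@example.net\r\n",
    "subject": "qzx@example.com",
    "message": "qzx@example.com",
}
NORMAL = {
    "name": "Pat Doe",
    "email": "pat@example.org",
    "subject": "Question about my order",
    "message": "Hello,\nplease call me back.",
}

if __name__ == "__main__":
    print(classify_submission(PROBE, "example.com"))
    print(classify_submission(NORMAL, "example.com"))
```

A multi-line message field can legitimately contain a line that looks like a header, so treat a match there as a logging signal. For any field that is copied into a mail header (name, email, subject), reject every value containing a carriage return or line feed.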