Trick to escape from form hijacking

  • theodore
    Sergeant

    • Sep 2006
    • 29

    Trick to escape from form hijacking

    Hi everyone
    I have put into practice the following trick to escape from "form hijacking" if this happens. It is not a prevention trick but an escape one, and you will understand what I mean when you read it. It has helped me a lot and is based not on a technical script but on logic.

    1. Create an e-mail (for example website@yourname.com) and put this e-mail in your form script.

    2. Forward the above e-mail to your e-mail that you want to receive the form data.

    When (I hope never) someone hijacks your form (you will understand it, believe me), just delete the website@yourname.com e-mail and create a new one (for example website1@yourname.com) following the same steps as above.

    This trick will not work if you have a catch-all e-mail.

    In this case just register a cheap domain name (for ex. $3 per year) and create an e-mail (for example website@cheepdomain.com) and forward it to your e-mail.

    I hope that you will never need to create a second e-mail.

    Theodore
  • navaldesign
    General & Forum Moderator

    • Oct 2005
    • 12080

    #2
    Re: Trick to escape from form hijacking

    Hi Theodore,
    I suppose that you mean using your form script for sending spam? Or do you mean capturing your own email address, to send spam to YOU?

    In this second case, the form script can NOT be captured by any spider or bot. It is hard coded in the script itself, so it is not captured by code analyzers. However, it can be captured manually, if you have an autoresponder in your script, and this autoresponder uses the same email address as the script. It will be enough to make a form submission and receive the autoresponder email, to have your email address captured by a spammer.

    In the first case:

    Bot or manual hijacking of form scripts is used to send spam mail through your mailserver, and has nothing to do with the email address used. It sends directly from the form script, using your mail server. Injecting some of the form fields with additional code that works as a trojan horse (for the script) will have the same effect even if you change the email address as you suggested above.

    The only solution to this problem is to use a script like the ABVFP, which will not allow (if so set) the @ symbol in the form values submitted, thus preventing the use of your script for spam purposes.
    Navaldesign
    Logger Lite: Low Cost, Customizable, multifeatured Login script
    Instant Download Cart: a Powerful, Customized, in site, DB driven, e-products Cart
    DBTechnosystems.com Forms, Databases, Shopping Carts, Instant Download Carts, Login Systems and more....
    Advanced BlueVoda Form Processor : No coding form processor! Just install and use! Now with built in CAPTCHA!
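
The check described in post #2, as an added example that is not part of the thread and is not the ABVFP's own code: refuse line breaks in any value that ends up in a mail header, and optionally refuse the @ symbol outside the visitor's e-mail field. The field names, the `forbid_at` switch and the sample submissions are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Fixed recipient, hard coded in the script (the thread's example address).
RECIPIENT = "website@yourname.com"
HEADER_FIELDS = {"name", "email", "subject"}   # values copied into mail headers
EMAIL_RE = re.compile(r"[^@\s,;<>]+@[^@\s,;<>]+\.[^@\s,;<>]+")


def validate(form, forbid_at=True):
    """Return a list of problems; an empty list means the submission is accepted."""
    problems = []
    for field, value in form.items():
        # A line break in a header value lets the sender append headers of
        # their own, which is how a form script is made to relay spam.
        if field in HEADER_FIELDS and re.search(r"[\r\n]", value):
            problems.append(f"{field}: line break in header field")
        # Optional stricter rule from the thread: no @ outside the e-mail field.
        if forbid_at and field != "email" and "@" in value:
            problems.append(f"{field}: '@' not allowed")
    if not EMAIL_RE.fullmatch(form.get("email", "")):
        problems.append("email: not a single address")
    return problems


def build_message(form):
    """Build the notification mail, or raise ValueError if validation fails."""
    problems = validate(form)
    if problems:
        raise ValueError("; ".join(problems))
    msg = EmailMessage()
    msg["To"] = RECIPIENT                      # never taken from the form
    msg["From"] = RECIPIENT
    msg["Reply-To"] = form["email"]
    msg["Subject"] = f"Contact form: {form['subject']}"
    msg.set_content(f"From: {form['name']}\n\n{form['message']}")
    return msg


# Constructed sample submissions.
GOOD = {"name": "Ann", "email": "ann@example.org",
        "subject": "Quote request", "message": "Please call me back."}
INJECTED = dict(GOOD, subject="Hi\r\nBcc: list@example.net")
AT_IN_BODY = dict(GOOD, message="write to someone@example.net")
```

With `forbid_at=False` only the line-break and address checks remain, which still stops the header injection while allowing visitors to mention an address in the message text.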

    • theodore
      Sergeant

      • Sep 2006
      • 29

      #3
      Re: Trick to escape from form hijacking

      Hi naval

      I'm talking about capturing my own contact form, to send spam to me.

      Take a look at the "contact us" form on my website www.avitecengineering.com

      I was receiving more than 30 SPAM e-mails per day, using my form.

      When I did the above, it stopped.

      • navaldesign
        General & Forum Moderator

        • Oct 2005
        • 12080

        #4
        Re: Trick to escape from form hijacking

        You can simply encrypt your email. Have a look at http://www.dynamicdrive.com/emailriddler/index.htm
        Navaldesign
        • theodore
          Sergeant

          • Sep 2006
          • 29

          #5
          Re: Trick to escape from form hijacking

          Thanks a lot Naval.

          Theodore.
