Hi,
can you please confirm that MachForm prevents SQL injection attacks and also email header injections attacks?
Thanks!
P :)
Appnitro Software Forums » MachForm
Some security questions
(5 posts)-
Posted 2 years ago #
-
Yes, MachForm has an extensive filtering and validation function, which automatically applied to all your form submission data to prevent those attacks.
MachForm also using a secure and reliable email library to send email.
Posted 2 years ago # -
Great!
Thanks
P :)Posted 2 years ago # -
This prevention does not appear to be that secure. I have a site that I've just added MachForm to and a spammer has successfully inserted spam code into the "Comments" field on an automatic basis.
Is there a way with MachForm to prevent a comments field from having "http:" in it? I think that would stop 90% of the attacks of this nature.
The e-mail headers that are being generated do not show the originating IP address for the spammer and they all have unique, and invalid, email addresses. They all have a link back to another unique url, also invalid.
Posted 2 years ago # -
Hi ernest,
I think we're referring to different subjects here.
My post above was meant for sql injection attack and email header injection attack, not spam.
If your form is being targeted by spam bots, you will need to turn on Spam Protection (CAPTCHA). Click on form properties tab and enable it from there.
Posted 2 years ago #
Reply
You must log in to post.