Give help. Get help.

  • # August 24, 2009 at 3:43 am

    So I’ve just updated all of the web forms on my website with recaptcha to stop potential spam attacks, but there’s still the one little form on my homepage (Email newsletter submission) that has no kind of captcha attached to it.

    Does this form make my website open to attack in any way? It’s only a basic form, 1 field (Email) and a submit button, and then it sends this information to a .txt file in my directories.

    Let me know guys!

    On a side note, you just popped my posting cherry :lol:

    # August 28, 2009 at 6:37 pm

    I’d agree with that, but it doesn’t mean small websites don’t get hacked all the time… they do.

    But on another note:

    Captcha’s don’t do anything against "attack" as much as they "prevent spam."

    If you have a database driven website (like wordpress, etc.), an "attack" could try to change the content in your database.
    If you don’t have a database driven website, there’s not much to attack, except maybe trying to get in via ftp, or editing 777 files…

    # August 29, 2009 at 6:58 am

    if you wanted to prevent spam from that form try only accepting 1 email every 24 hours from a computer.

    # August 31, 2009 at 8:44 pm

    Unless the server-side script which processes the form data and interacts with the text file "sanitizes" the users input, then your web forms are most likely "open to attack".

    Google "data sanitization" for more information. This is a common starting point for PHP:

    # September 1, 2009 at 8:43 am

    yea gotta agree with everyone… if you put your site up on the interwebs, you are pretty much open for attack… there are always new ways around things. The thing you have to think of is how many people will actually care about little old you…

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.