Am I open to attack?
# August 24, 2009 at 3:43 am
So I’ve just updated all of the web forms on my website with recaptcha to stop potential spam attacks, but there’s still the one little form on my homepage (Email newsletter submission) that has no kind of captcha attached to it.
Does this form make my website open to attack in any way? It’s only a basic form, 1 field (Email) and a submit button, and then it sends this information to a .txt file in my directories.
Let me know guys!
On a side note, you just popped my posting cherry :lol:# August 28, 2009 at 6:37 pm
I’d agree with that, but it doesn’t mean small websites don’t get hacked all the time… they do.
But on another note:
Captcha’s don’t do anything against "attack" as much as they "prevent spam."
If you have a database driven website (like wordpress, etc.), an "attack" could try to change the content in your database.
If you don’t have a database driven website, there’s not much to attack, except maybe trying to get in via ftp, or editing 777 files…# August 31, 2009 at 8:44 pm
Unless the server-side script which processes the form data and interacts with the text file "sanitizes" the users input, then your web forms are most likely "open to attack".
Google "data sanitization" for more information. This is a common starting point for PHP:
You must be logged in to reply to this topic.