Trying to understand attacks on my forms
Posted: Sat Feb 20, 2010 3:46 am
by rhecker
It often happens that form submissions to the database on my websites will contain random characters in most fields, then a series of urls in a textarea field. Often there will be five or six form submissions in a row like this.
I can't see that any harm is being done by these "attacks," but I want to be sure and I want to understand what's going on.
I use mysql_real_escape_string on all submitted data.
Thanks for any thoughts.
Re: Trying to understand attacks on my forms
Posted: Sat Feb 20, 2010 4:07 am
by josh
It's Skynet. Add a captcha.

Or put a simple question like "grass is..." (and if they don't type green, filter it to spam)
Re: Trying to understand attacks on my forms
Posted: Sat Feb 20, 2010 4:44 am
by kaisellgren
josh wrote: It's Skynet. Add a captcha.

Or put a simple question like "grass is..." (and if they don't type green, filter it to spam)
Hmm... it looks white here

Re: Trying to understand attacks on my forms
Posted: Sat Feb 20, 2010 9:23 am
by rhecker
OK, apparently I unwittingly said something stupid or funny. Glad you can have a laugh.
But my question was serious, and I still hope someone will answer it.
I wasn't initially asking what to do about it (captcha). Why use captcha if the submissions are harmless? I was asking what's going on, what's the objective of the human or non-human submitter.
Re: Trying to understand attacks on my forms
Posted: Sat Feb 20, 2010 9:39 am
by kaisellgren
rhecker wrote: Why use captcha if the submissions are harmless? I was asking what's going on, what's the objective of the human or non-human submitter.
They are harmless, to some extent. Imagine having your database filled with billions of useless records; that is not entirely harmless. Spamming is what we hate. To get rid of most of it, we often use CAPTCHAs.
Re: Trying to understand attacks on my forms
Posted: Sat Feb 20, 2010 9:49 am
by rhecker
Thanks for the explanation.
I don't see captchas as a good solution at all. That puts an annoyance on the customer, which is almost never a good solution. Also, many of my forms have Chinese, Japanese and Vietnamese versions, so a captcha would have to accommodate the various character sets.
But what is generating these submissions? They put properly formatted email addresses in the email field, and don't dump their urls until they hit a textarea. So what is the objective?
Re: Trying to understand attacks on my forms
Posted: Sat Feb 20, 2010 11:25 am
by kaisellgren
You are right about CAPTCHAs not being good solutions, but they are not language-limited. Typically, you ask them to retype what they see in a picture, that's all.
There are three types of spamming: targeted bot-based, non-targeted bot-based and non-bot-based. Non-bot means that there's a human being spamming your site. Non-targeted bots are those that crawl the web and try to "fill out forms", generally for advertising purposes. Targeted bots are those that are made specifically for your site.
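
An added example, not code from any poster in this thread: a server-side check for the submission pattern described in the first post (random characters in most short fields, a run of URLs in the textarea), which filters non-targeted bot submissions without putting a CAPTCHA in front of customers. The field names, the URL threshold and the consonant-run heuristic are assumptions chosen for illustration.

```php
<?php
// Added example: flags the pattern described in this thread. Field names and
// thresholds are assumptions, not values from the original posts.

// True when a short field contains a run of 5+ ASCII consonants, which is
// rare in real names but common in random filler. Non-ASCII text (Chinese,
// Japanese, Vietnamese diacritics) never matches, so it is not penalised.
function looks_random(string $value): bool
{
    return preg_match('/[bcdfghjklmnpqrstvwxz]{5,}/i', $value) === 1;
}

// Returns ['spam' => bool, 'urls' => int, 'random_fields' => int].
function classify_submission(array $fields, string $textareaKey, int $maxUrls = 2): array
{
    $urls = preg_match_all('~https?://~i', $fields[$textareaKey] ?? '');
    $random = 0;
    $short = 0;
    foreach ($fields as $key => $value) {
        if ($key === $textareaKey || $key === 'email') {
            continue; // the textarea is scored by URL count; e-mail is skipped
        }
        $short++;
        if (looks_random((string) $value)) {
            $random++;
        }
    }
    // Spam when the textarea is link-heavy AND most short fields are filler.
    $mostRandom = $short > 0 && $random * 2 > $short;
    return [
        'spam' => $urls > $maxUrls && $mostRandom,
        'urls' => $urls,
        'random_fields' => $random,
    ];
}

// Constructed sample submissions (not taken from a real log).
$samples = [
    ['name' => 'qkzrtplw', 'company' => 'XvBnmkLt', 'email' => 'a@example.com',
     'message' => "http://a.example/ http://b.example/ http://c.example/"],
    ['name' => 'Nguyễn Văn An', 'company' => 'Example Co', 'email' => 'an@example.com',
     'message' => 'Please send a quote. Our site is http://example.com/'],
];
foreach ($samples as $i => $fields) {
    $result = classify_submission($fields, 'message');
    printf("submission %d: %s (urls=%d, random_fields=%d)\n",
        $i, $result['spam'] ? 'spam' : 'ok', $result['urls'], $result['random_fields']);
}
```

Flagged rows are better held in a review queue than silently dropped, since some legitimate words contain long consonant runs.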