I have a site with a messageboard in it. There is a page to start a new thread. The user can fill in the information and click submit. I then check that each field is present and then after validating each field I send the data to the database. Recently I have been getting lots of spams. I thought that maybe some bot is filling in the information and submitting the pages. I entered an Image verification method too to prevent this. But of no use. I changed the password of my database but no use. Also, the amount of spams is so huge that it is not humanly possible to do so. Moreover it's useless for any human to do so. I get like 300-500 spams per day.
Then I noticed one thing. There are 4 fields those are validated. As per my code if any of these 4 field is empty then it will not submit and will prompt the user to enter the missing info. But, this spammer thingy is able to submit the info into my database with one of the fields missing. How is this possible? I checked the database and one of the fields is empty for all the messages that the spammer has entered.
So, this means that the spammer is not submitting the info to my page. Rather it has got the hold of my config file and table name and just putting in the info using this information. I mean this is what I feel.
Has anyone encountered such an issue before. Kindly help me as I have scratched my head for hours but couldn't find how the spammer is able to enter the data into the database