Posted by Drazen Gemic on 04/21/07 14:02
I have a feedback form on my site. People can fill in the fields, and
the message is sent to me using the 'mail' function after the form gets
submitted (POST).
The fields are subject, from and text. 'subject' is optional, the others
are mandatory. The PHP script that handles the form input takes into account
predefined field names only.
The problem is that someone is sending me spam using that form. I
don't believe that they target me specifically. It is more likely that
some automated robot is doing that. I tried to change the field names, but
I am still getting the messages. I checked the message source, and they are
coming from the form.
My question is how they can guess the field names and determine which
mean what by an automated process? I guess they can parse the HTML form to
get the names, but how can they put values in the proper fields? Are they
using trial and error? I should get messages with text in the subject
field, too, then, but I don't.
It is possible that someone is sending messages by hand, but who
could be such an idiot?
DG