
It Keeps Happening (Form Hijackings)

By Will Bontrager

Form hijackings keep happening. A lot of site owners are now using hijack-proof or -resistant form processing software like Master Form V4. But many, it seems, are still not aware of their vulnerability.

Early versions of Master Form and Master Feedback were distributed before the recent form hijacking method was devised.

This blog entry is somewhat of a reiteration of earlier entries. Instead of an appeal, it quotes an email received this morning, and my response.
Name: _______

Hello

I use a Masterform script on my sites at http://_______/cgi-bin/masterform/MasterForm.cgi

It seems this is being misused by someone who is sending masses of spam email from it - I have had many complaints

Is there an upgrade or what can I do to eliminate this ?

The form is in constant use and I am not clever enough to replace it

Please help

_______

This is my response.

Hello _______,

Before you do anything else, go to your server and rename MasterForm.cgi to MasterForm.txt

That will stop the hijacking. Once you've done that, come back to this email.

Renaming the MasterForm.cgi file to MasterForm.txt will also disable your forms. But that's only temporary. Here is how to re-enable the forms:

Go to http://willmaster.com/master/formV3/generator/makemf3.shtml and generate a copy of Master Form V3. No receipt number is needed to generate for domain _______

Master Form V3 has anti-hijacking code built in.

Once you've generated Master Form V3, install it per the instructions -- in the same directory where MasterForm.txt is at now.

Your forms' <form...> tag action="_______" attribute will need the script name MasterForm.cgi changed to MasterFormV3.cgi

The rest of the form should work as is, but do test it. If you had been using a very early version of Master Form, one or more of the hidden fields might need to be changed.

Thoroughly test the form, making sure it does what it's supposed to do. If anything doesn't work, and you can't find the answer in the manual, send me an email with the URL of the form and I'll have a look.

Sincerely,
Will

November 14, 2005
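
The form-side step of the reply above (changing MasterForm.cgi to MasterFormV3.cgi in each form's action attribute), as an added example that is not part of the original post or of Master Form: it lists every page whose form still posts to the old script name and, on request, rewrites it. The page suffixes, the web-root argument and the function names are assumptions.

```python
import re
import sys
from pathlib import Path

NEW_SCRIPT = "MasterFormV3.cgi"             # replacement script name from the post
PAGE_SUFFIXES = {".html", ".htm", ".shtml"}  # assumption: where the forms live

FORM_TAG = re.compile(r"<form\b[^>]*>", re.IGNORECASE)
# An action attribute whose URL ends in the old script name, MasterForm.cgi.
ACTION = re.compile(
    r"""((?i:\baction)\s*=\s*["']?[^"'\s>]*?(?<![\w-]))MasterForm\.cgi(?=["'\s>?#]|$)""")


def rewrite_forms(html):
    """Return (new_html, n): <form> actions naming MasterForm.cgi now name NEW_SCRIPT."""
    total = 0

    def fix_tag(match):
        nonlocal total
        tag, n = ACTION.subn(lambda a: a.group(1) + NEW_SCRIPT, match.group(0))
        total += n
        return tag

    return FORM_TAG.sub(fix_tag, html), total


def update_site(web_root, apply=False):
    """Map each page that still posts to the old script to its form count.

    With apply=True the pages are rewritten in place; bytes are round-tripped
    through latin-1 so the page's encoding and line endings are left alone.
    """
    found = {}
    for path in sorted(Path(web_root).rglob("*")):
        if path.suffix.lower() not in PAGE_SUFFIXES or not path.is_file():
            continue
        new_html, n = rewrite_forms(path.read_bytes().decode("latin-1"))
        if n:
            found[str(path)] = n
            if apply:
                path.write_bytes(new_html.encode("latin-1"))
    return found


if __name__ == "__main__":
    # Usage: script.py [WEB_ROOT] [--apply]   (without --apply it only reports)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for page, n in update_site(root, "--apply" in sys.argv[2:]).items():
        print(f"{page}: {n} form(s)")
```

Run it once without --apply to get the list of pages to test afterwards; links outside a <form> tag are deliberately left untouched.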
© 1998-2001 William and Mari Bontrager