Software, your way.
How To Get Good Custom Software
(Download)
(PDF)
burger menu icon
WillMaster

WillMaster > LibraryManaging Website Forms

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

Differences Between Automated Submission
and Form Hijacking

Automated form submission can be a nuisance.

Form hijacking can be dangerous to financial health.

Although the latter includes aspects of the former, the differences in potential consequences are huge.

Automated Form Submission

There are legitimate and desirable reasons for automatically submitting software. This article addresses only unauthorized submissions.

Automated submission is, as implied, the submission of your forms by automated software. Software automatically submits your form with the spammers message as the contents of a form field, usually the "message" or "comment" field.

Spammers are using this technique more and more. A database of vulnerable forms is fed into submission software. Then the site owners get spam from what appears to be their own forms. Note, it is only the owner of the form that is receiving the spam with the automatic submission technique addressed here.

Form Hijacking

This method of spamming uses your form handling software to send spam to hundreds and thousands and even hundreds of thousands of email addresses. It's bad news for site owners.

It can get you labeled as a spammer. What believable defense would you have? The spam is sent from your own domain!

It can get your hosting account shut down.

It can get your IP address on blacklists.

The technique is to insert a line feed code into form field information being used somewhere in the email header. This might be an email address or subject or other information, like the form user's name.

After the line feed is inserted with their automated hijacking software, spammers can insert their own header lines.

This is when the email addresses are inserted, usually as a BCC line.

Not only do they have control of the header at that point, they can insert their own content! All they have to do is insert two line feed codes after the BCC line and follow that with their spam message.

It's nasty.

Fortunately for domain owners (yet unfortunately for hosting companies), many hosting companies have experienced the effects of form hijackings on domains they host. Thus, they are aware that you probably didn't intentionally send the spam. (Although they might wonder if you are the real spammer using this method to pretend victimization.)

This is costing your hosting company real money, more than just the additional traffic fees and forever lost computing resources. They also must deal with the major email destination ISPs or others if your domain's IP address has been put on blacklists.

They probably will, as an act of self-preservation, disable your software.

Maybe that's all they'll do to you. Maybe they'll feel kindly toward you, even after you installed and used insecure software.

It is better to prevent the hijacking in the first place.

Master Form .PHP and Master Form V4 both have anti-hijacking code built in. The first is PHP software and the other is Perl CGI software. Both are sophisticated enough to handle most form handling requirements, including multi-page forms, file uploads, and storing form submitted information in a database.

Read the references. Keep the resource handy. Test your forms. Use secure software.

It is possible to relax in the knowledge that your form software utilizes robust anti-hijacking code.

Will Bontrager

Was this article helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Library articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

More "Managing Website Forms" Articles

Strong Form Protection From Bots

Multi-Select Scrolling List Box

Verifying Two Form Fields Have Identical Content

Other Recent Articles from the Library

Keeping Image Location Secret

Easier Reading of JSON Data

Fixed Position Image

Visually Centering Images

Cookie Directory Protection

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2024 Will Bontrager Software LLC