Re: Contact Info Best practices
Urb LeJeune <urb_at_e-government.com> wrote:
>There is another, and more serious, problem with form.
>There is a real possibility of your form being hacked and
>hundreds of thousands of messages being sent through your
>mail server. You could be placed on blacklists, including
>AOL, before you even realize you've been hacked. It is very
>difficult to tell the difference between a legitimate submission of your
>form and one submitting via a remote script. It's happened
>to me and I'm a system administrator :-( It took about a
>month to get off AOL's black list.
What Urb describes is not a repercussion of a form being
hacked (which is quite improbable) but rather a problem that
can arise if someone uses an outdated Perl/CGI script to process
their web form. It IS possible to hack an outdated CGI script to
turn the server running the script into a spam relay. But this
isn't a risk if using properly configured scripts.
Another potential problem can arise if you configure the
script to send a confirmation copy of the submitted message back
to the email address specified by the submitter. In that event,
the form can also be used by anyone to send an email message to
anyone they specify, also essentially turning the server into a
spam relay. The basic rule for safe computing is that any email
addresses that the form sends its messages to should be coded
directly into the script and not specified in either the form or
in the HTML coding of the form page.
--Cliff
Clifford R. Kurtzman
CEO | Moderator
ADASTRO Incorporated | The Online Advertising Discussion List
http://www.adastro.com | http://www.o-a.com
Received on Mon Aug 22 2005 - 09:34:15 CDT
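
The rule stated in the reply above, as an added Python sketch that is not part of the original message: the recipient is a constant in the handler, recipient-like form fields are ignored, and the submitter's address is used only as Reply-To so no copy is ever mailed to it. The addresses, field names and function names are assumptions made for the example, and the line-break check is an extra precaution added here.

```python
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed addresses: the recipient is defined here and nowhere else.
RECIPIENT = "webmaster@example.com"
SENDER = "webform@example.com"
MAX_BODY = 5000


def clean_line(value, limit=200):
    """Reject CR/LF so a single-line field cannot add headers such as Bcc."""
    if "\r" in value or "\n" in value:
        raise ValueError("line break in single-line field")
    return value.strip()[:limit]


def build_message(form):
    """Build the notification mail from submitted form fields (a dict)."""
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = RECIPIENT  # never taken from form["recipient"], form["to"], ...
    msg["Subject"] = "Contact form: " + clean_line(form.get("subject", ""), 80)

    # The submitter's address becomes Reply-To only; no confirmation copy.
    _, addr = parseaddr(clean_line(form.get("email", "")))
    if addr.count("@") == 1 and " " not in addr:
        msg["Reply-To"] = addr

    msg.set_content(form.get("message", "")[:MAX_BODY])
    return msg


def deliver(msg, smtp):
    """Send over an open smtplib.SMTP-style connection to the fixed recipient."""
    # Explicit to_addrs keeps the SMTP envelope independent of the headers.
    return smtp.send_message(msg, from_addr=SENDER, to_addrs=[RECIPIENT])


if __name__ == "__main__":
    # Constructed submission: the "recipient" field is simply ignored.
    sample = {"recipient": "victim@example.net", "email": "alice@example.org",
              "subject": "Hello", "message": "Please call me back."}
    print(build_message(sample))
```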