Contact Form Processing Products - for all your needs

FormMail • Form Encryption • Hosted Forms

ATTACK_DETECTION_DUPS Setting

This page documents the ATTACK_DETECTION_DUPS configuration setting in FormMail.

Type Of Setting

ATTACK_DETECTION_DUPS is an OPTIONAL setting, which means...

OPTIONAL : you can change this setting if you need to, but the default value is fine for most circumstances.

Précis

Controls the "duplicate data attack" detection.

Description

Set ATTACK_DETECTION_DUPS to the list of fields on your forms that should not have duplicate values.

One annoying attack on HTML forms scripts is to submit an email address in every field, with the aim of getting the script to send email to someone via your server.

Note that Tectite FormMail has always been invulnerable to this type of attack - your server is safe with Tectite FormMail.

The purpose of the ATTACK_DETECTION_DUPS setting is to allow you to ignore these attacks (no errors or alerts will be sent to you) and to send the user/attacker to an explanatory page.

If you use one form on your server, just list some or all of the fields that should never contain duplicate data. For example, a person's name is never the same as their address or their email address.

If you use more than one form, you can list fields from each of them or just use a common set.

FormMail ignores empty or missing fields when performing this particular abuse detection. This means it is fine to list field names you don't actually have on a form.

If you don't want FormMail to perform this particular attack detection, set it to an empty array like this:

$ATTACK_DETECTION_DUPS = array();

The default value contains a list of common fields you might want FormMail to check for duplicate data. Use this list unless you think it's valid for a user to put the same data in any of these fields. If your fields have different names, change the names.

Do not list checkbox, radio button, or select fields that have simple values such as "yes", "no", "0", "1". Only list fields that will have long and unique values.

Default Value

$ATTACK_DETECTION_DUPS = array("realname","address1","address2",
    "country","zip","phone","postcode","state","email");

See Also