表格和劫持网站 [英] Forms and Hijacking a website
问题描述
Expression Web是否有一些防止网站劫持的内置系统。 (实际上,我读到了这个,但我不知道具体发生了什么,或者为什么有人想劫持我的网站 - 我很想听到这个。)
是什么带来了这个我看到的表格带来了很多goobly-gook。请参阅下面的示例。他们是否试图超载某些缓冲区以获取对该网站的访问权限?或者我是否没有理由担心因为Expression Web使用的代码阻止了这种事情?
School_Name: ggsgbac
Email_Address: xjylid@alugcd.com
Name_now: ggsgbac
Married_Name : ggsgbac
Spouse_Partner: FEfUVfqYqeohcYPXr
< span style ="font-size:small; font-family:Consolas">地址: murDwRvBDZYyqukq
Mailing_Address: xjylid@alugcd.com
城市: vdklcUnYmCbLldXD
状态: wTVuNpGKRqX
ZIP: vVNzyhrZprsxwYUeN
还有很多内容包括网址。
如果重要我的网址是 http://reversemortgageconsultant.com/
-Tom
您所看到的与网站无关劫持。你看到的是机器人填写你的表格有两个原因:1)垃圾邮件你的表格或2)找他们可以利用的漏洞电子邮件注入攻击。您需要做的是实施某种验证码系统,并确保您可以抵御电子邮件注入攻击。
我的样本表格包括Captcha:
http:// www.veign.com/code-view.php?type=web&codeid=59
包含防止电子邮件注入攻击的示例电子邮件表单:
http://www.veign.com/code-view.php?type=web&codeid=48
Does Expression Web have some built-in system that prevents web site hijacking. (Actually, I read about this but I don't know what specifically happens or why someone might want to hijack my website - I'd love to hear a little on this.)
What brings this up is I'm seeing forms returned with a lot of goobly-gook. See below for a sample. Are they trying to overload some buffer to gain access to the site?????
Or do I have no reason to be concerned because Expression Web uses code that prevents that sort of thing?
School_Name: ggsgbac
Email_Address: xjylid@alugcd.com
Name_now: ggsgbac
Married_Name: ggsgbac
Spouse_Partner: FEfUVfqYqeohcYPXr
Address: murDwRvBDZYyqukq
Mailing_Address: xjylid@alugcd.com
City: vdklcUnYmCbLldXD
State: wTVuNpGKRqX
ZIP: vVNzyhrZprsxwYUeN
There is a lot more including URLs.
My URL if it matters is http://reversemortgageconsultant.com/
-Tom
What you are seeing has nothing to do with website hijacking. What you are seeing is bots filling out your forms for one of two reasons: 1) Spam your forms or 2) Looking for holes where they can exploit an email injection attack . What you need to do is implement some kind of captcha system and make sure you are secure against email injection attacks.
My sample forms that include Captcha:
http://www.veign.com/code-view.php?type=web&codeid=59
Sample email form that include protection against email injection attacks:
http://www.veign.com/code-view.php?type=web&codeid=48
这篇关于表格和劫持网站的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!