表格和劫持网站 [英] Forms and Hijacking a website

问题描述

Expression Web是否有一些防止网站劫持的内置系统。 （实际上，我读到了这个，但我不知道具体发生了什么，或者为什么有人想劫持我的网站 - 我很想听到这个。）
是什么带来了这个我看到的表格带来了很多goobly-gook。请参阅下面的示例。他们是否试图超载某些缓冲区以获取对该网站的访问权限？或者我是否没有理由担心因为Expression Web使用的代码阻止了这种事情？

School_Name： ggsgbac

Email_Address： xjylid@alugcd.com

Name_now： ggsgbac

Married_Name ： ggsgbac

Spouse_Partner： FEfUVfqYqeohcYPXr

< span style ="font-size：small; font-family：Consolas">地址： murDwRvBDZYyqukq

Mailing_Address： xjylid@alugcd.com

城市： vdklcUnYmCbLldXD

状态： wTVuNpGKRqX

ZIP： vVNzyhrZprsxwYUeN

还有很多内容包括网址。

如果重要我的网址是 http://reversemortgageconsultant.com/
-Tom

解决方案

您所看到的与网站无关劫持。你看到的是机器人填写你的表格有两个原因：1）垃圾邮件你的表格或2）找他们可以利用的漏洞电子邮件注入攻击。您需要做的是实施某种验证码系统，并确保您可以抵御电子邮件注入攻击。

我的样本表格包括Captcha：
http：// www.veign.com/code-view.php?type=web&codeid=59

包含防止电子邮件注入攻击的示例电子邮件表单：
http://www.veign.com/code-view.php?type=web&codeid=48

Does Expression Web have some built-in system that prevents web site hijacking.  (Actually, I read about this but I don't know what specifically happens or why someone might want to hijack my website - I'd love to hear a little on this.)

What brings this up is I'm seeing forms returned with a lot of goobly-gook.  See below for a sample.  Are they trying to overload some buffer to gain access to the site?????

Or do I have no reason to be concerned because Expression Web uses code that prevents that sort of thing?

School_Name:            ggsgbac

Email_Address:          xjylid@alugcd.com

Name_now:               ggsgbac

Married_Name:           ggsgbac

Spouse_Partner:         FEfUVfqYqeohcYPXr

Address:                murDwRvBDZYyqukq

Mailing_Address:        xjylid@alugcd.com

City:                   vdklcUnYmCbLldXD

State:                  wTVuNpGKRqX

ZIP:                    vVNzyhrZprsxwYUeN

 
There is a lot more including URLs.

My URL if it matters is http://reversemortgageconsultant.com/

-Tom

解决方案

What you are seeing has nothing to do with website hijacking.  What you are seeing is bots filling out your forms for one of two reasons: 1) Spam your forms or 2) Looking for holes where they can exploit an email injection attack .  What you need to do is implement some kind of captcha system and make sure you are secure against email injection attacks.

My sample forms that include Captcha:
http://www.veign.com/code-view.php?type=web&codeid=59

Sample email form that include protection against email injection attacks:
http://www.veign.com/code-view.php?type=web&codeid=48

这篇关于表格和劫持网站的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！