: A particular IP address hits our form and submits an empty page every few days. Possible reasons? We look after a low volume website which has a contact us form which looks like this: <form
We look after a low volume website which has a contact us form which looks like this:
<form method="post" action="http://www.*****.com/cgi-bin/contact.cgi">
Starting a few weeks ago, every few days we receive an empty form submission. No subject, no nothing. They must be bypassing the submit button and hitting the server directly because if I submit even an entirely a empty form (validly, via the browser) I get subject line. Additionally, the form is working because valid forms with genuine customer enquiries are coming through too, one every few days.
The IP address is always the same. Checking the IP address all I can see is it's a webhosting outfit in Germany.
I don't think it's causing us a problem. But the customer wants to know why it happens.
What are the range of possible explanations to tell him?
More posts by @Ravi8258870
2 Comments
Sorted by latest first Latest Oldest Best
As John Conde says, it's probably someone trying to use your script as a spam relay.
I'd recommend modifying the script to log all requests into a file, exactly as POSTed. It might be just an automated script probing for vulnerabilities... or it might be that they're abusing an e-mail header injection vulnerability and the empty messages to you are just a side effect of that. Looking at the log should tell you what's actually going on.
Someone is probably trying to abuse the form and may be succeeding. They're probably trying to send spam through it and judging by the fact that they can submit an empty form they may be succeeding without your knowledge. There should be server side code in place to catch empty form submissions and throw a friendly error just in case it is a real human being having issues with the form (maybe not in this case but it may happen in others).
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.