
Forum - Security Update

oleg
2006-09-27 04:44:22
Well, first of all, sorry for the inconvenience.

Update info URL: http://www.protectwebform.com/securityupdate

This is the first security update of our code. Hopefully we won't have
many of them.

There were some 'holes' discovered by Pseudonym.
These holes are not in our service directly but in the code we
provide, so all users who have written the code manually, using the XML
we provide, need not worry. As a consequence, we had to notify
everyone about this update.

What was changed:

1. Now we are testing the string length on your end before sending it
to our service:

php: ... if(strlen($_POST['protectwebformcode']) > 30) { ...

perl: ... if(length($in{'protectwebformcode'}) > 30) { ...

2. We are escaping all the arguments before sending them to our
service:

php: urlencode function

perl: uri_escape function (use URI::Escape;)

3. We are using a so-called 'hard' check of the code.

php:
// Stop unless the service response contains the success element.
if(!preg_match("|<verification result=\"yes\"/>|", $protectwebformresult)) {
    die($pwf_message);
}

perl:
# Stop unless the service response contains the success element.
if($protectwebformresult !~ m/<verification result="yes"/) {
    print "Content-type: text/html\n\n".$pwf_message;
    die;
}

This means that, in case of the next security issue, you have a better
chance of not being spammed.
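
The three changes listed in the post above, put together as an added PHP example; it is not part of the thread and not ProtectWebForm's generated code. The function names, query parameter names and sample responses are assumptions constructed for illustration.

```php
<?php
// Added example, not ProtectWebForm's generated code. Parameter names,
// function names and the sample responses are constructed for illustration.

const PWF_MAX_CODE_LEN = 30; // limit quoted in the update notes

// Changes 1 and 2: refuse over-long input, then escape every argument.
function pwf_build_query(string $code, string $formId, string $clientIp): ?string
{
    if (strlen($code) > PWF_MAX_CODE_LEN) {
        return null; // never forwarded to the verification service
    }
    // Hypothetical parameter names; keep the ones from your generated code.
    $args = ['code' => $code, 'form' => $formId, 'ip' => $clientIp];
    $pairs = [];
    foreach ($args as $name => $value) {
        $pairs[] = urlencode($name) . '=' . urlencode($value);
    }
    return implode('&', $pairs);
}

// Change 3: only a response containing the exact success element passes.
function pwf_is_verified($response): bool
{
    if (!is_string($response)) {
        return false; // e.g. the HTTP request itself failed and returned false
    }
    return preg_match('|<verification result="yes"/>|', $response) === 1;
}

// Constructed form inputs: a normal code, one carrying '&' and '=', one too long.
$codes = ['k7m2p', 'k7m2p&form=other', str_repeat('A', 31)];
foreach ($codes as $code) {
    $query = pwf_build_query($code, 'FORM_ID_PLACEHOLDER', '203.0.113.5');
    echo ($query === null ? 'rejected: code longer than 30 bytes' : $query), "\n";
}

// Constructed service responses, including failure modes.
$responses = ['<verification result="yes"/>', '<verification result="no"/>',
    'Application Error', '', false];
foreach ($responses as $response) {
    echo var_export($response, true), ' => ',
        pwf_is_verified($response) ? 'accept' : 'reject', "\n";
}
```

Because the check accepts only the success element, an empty reply, an error page or a failed request all end in a rejected submission rather than an accepted one.
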
oleg
2006-09-27 05:02:13
We have added a new verification URL for the new code:
www.protectwebform.com/verify01
The old one,
www.protectwebform.com/verify, is still working with the old code.

jnmccrt
2006-09-27 06:25:25
I have pasted in the new section of Perl code as shown at
http://www.protectwebform.com/securityupdate but now my form doesn't
work. I get the error message:

Warning. You are not authorithed to use image protection provided by
http://www.protectwebform.com. Read http://www.protectwebform.com FAQ
for more informationContent-type: text/html The image code you have
provided does not match the actual one. Hit the 'back' button of your
browser and input the correct code please.Content-Type: text/html;
charset=iso-8859-1
Application Error

An error has occurred in the program

oleg
2006-09-27 07:21:17
Did you enter the correct x and yyy values,
as written on http://www.protectwebform.com/securityupdate?
jnmccrt
2006-09-27 09:08:55
I have regenerated the perl code from the very beginning, using your
code generator, and I can see the two correct values in it. The error
message now reads:

"The image code you have provided does not match the actual one."

I have emailed you my perl code, as I don't know if it's safe to
display my private codes here in the forum.
jnmccrt
2006-09-29 01:08:06
Oh dear ... I keep receiving notification that there has been a reply
to this thread when there hasn't. I'm getting about three of these
messages a day.
jnmccrt
2006-10-01 10:25:02
Happy ending. The constant email alerts about additions to this
thread have stopped, and I have at last got my form working again by
rewriting my HTML page from the ground up and incorporating the
"light" HTML code as generated by this site. I think the original
<form>...</form> tags might have been moved/removed by Dreamweaver at
some point (it really doesn't like where I put them!) and that seems to
have been enough to stop the captcha working.






    ©Copyright 2006 ProtectWebForm.com. All rights reserved. Read our Privacy Policy
