Forum - Security Update

2006-09-27 04:44:22
First of all, sorry for the inconvenience.

update info url:

This is the first security update of our code. We hope we won’t have
many of them.

There were some ‘holes’ discovered by Pseudonym.
These holes are not in our service directly but in the code we
provide, so all users who have written the code manually, using the XML
we provide, need not worry. As a consequence, we had to notify
everyone about this update.

What was changed:

1. Now we are testing the string length on your end before sending it
to our service:

php: ... if(strlen($_POST['protectwebformcode']) > 30) { ...

perl: ... if(length($in{'protectwebformcode'}) > 30) { ...

2. We are escaping all the arguments before sending them to our

php: urlencode function

perl: uri_escape function (use URI::Escape;)

3. We are using a so-called ‘hard’ check of the code.

php: if(!preg_match("|<verification result=\"yes\"/>|", $protectwebformresult)) {

perl: if($protectwebformresult !~ m/<verification result="yes"/) {
print "Content-type: text/html\n\n".$pwf_message;

This means that, in case of the next security issue, you have a better
chance of not being spammed.

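The three checks listed in the announcement above, combined into one PHP function, as an added example that is not the service's generated code and not part of the original post. The verification URL, the `code` query parameter name, the `captcha_passes` function and its `$fetch` callback are assumptions for illustration; the form field name, the 30-character limit and the `<verification result="yes"/>` marker are taken from the post.

```php
<?php
// Added illustration, not the service's generated code.
// VERIFY_URL and the "code" parameter name are placeholders (assumptions).
const VERIFY_URL = 'https://verify.example.invalid/check';
const MAX_CODE_LEN = 30; // limit quoted in the announcement

// $fetch is a hypothetical callable(string $url): string|false, so the HTTP
// request can be replaced by a stub; in real use it would perform the request.
function captcha_passes(array $post, callable $fetch): bool
{
    $code = $post['protectwebformcode'] ?? '';
    // Check 1: reject arrays (field[]=x), empty and oversized values locally,
    // before anything is sent to the remote service.
    if (!is_string($code) || $code === '' || strlen($code) > MAX_CODE_LEN) {
        return false;
    }
    // Check 2: urlencode() stops '&', '=', '#' or whitespace in the value
    // from adding or overriding parameters in the verification request.
    $reply = $fetch(VERIFY_URL . '?code=' . urlencode($code));
    // Check 3: fail closed. Only the exact success element passes; an empty
    // reply, a failed request or an error page counts as a rejection.
    return is_string($reply)
        && preg_match('|<verification result="yes"/>|', $reply) === 1;
}

// Constructed inputs and replies standing in for the form and the service.
$cases = [
    'valid code, yes reply'  => ['abc123', '<verification result="yes"/>'],
    'valid code, no reply'   => ['abc123', '<verification result="no"/>'],
    'valid code, no answer'  => ['abc123', false],
    'oversized code'         => [str_repeat('A', 31), '<verification result="yes"/>'],
    'metacharacters in code' => ['a&b=c', '<verification result="no"/>'],
];
foreach ($cases as $label => [$code, $body]) {
    $seen = '(no request sent)';
    // Stub that records the URL it was asked for and returns the canned reply.
    $fetch = function (string $url) use (&$seen, $body) {
        $seen = $url;
        return $body;
    };
    $ok = captcha_passes(['protectwebformcode' => $code], $fetch);
    printf("%-24s %-5s %s\n", $label, $ok ? 'pass' : 'fail', $seen);
}
```

The last column shows the request each case would send, which makes it visible that the oversized value never leaves the server and that the metacharacters arrive percent-encoded.
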
2006-09-27 05:02:13
We have added a new verification URL for the new code:
the old one: is still working with the old code.

2006-09-27 06:25:25
I have pasted in the new section of Perl code as shown at but now my form doesn't
work. I get the error message:

Warning. You are not authorithed to use image protection provided by Read FAQ
for more informationContent-type: text/html The image code you have
provided does not match the actual one. Hit the 'back' button of your
browser and input the correct code please.Content-Type: text/html;
Application Error

An error has occurred in the program

2006-09-27 07:21:17
Did you enter the correct x and yyy values?
as written on

2006-09-27 09:08:55
I have regenerated the perl code from the very beginning, using your
code generator, and I can see the two correct values in it. The error
message now reads:

"The image code you have provided does not match the actual one."

I have emailed you my perl code, as I don't know if it's safe to
display my private codes here in the forum.
2006-09-29 01:08:06
Oh dear ... I keep receiving notification that there has been a reply
to this thread when there hasn't. I'm getting about three of these
messages a day.
2006-10-01 10:25:02
Happy ending. The constant email alerts about additions to this
thread have stopped, and I have at last got my form working again by
rewriting my HTML page from the ground up and incorporating the
"light" HTML code as generated by this site. I think the original
<form>...</form> tags might have been moved/removed by Dreamweaver at
some point (it really doesn't like where I put them!) and that seems to
have been enough to stop the captcha working.

