cforms II User Forum

Registration is currently disabled.
Guest

FAQs

Login form protected by Login LockDown.


Lost password?
Advanced Search

— Forum Scope —

  

— Match —

   

— Forum Options —

    

Wildcard usage:
*  matches any number of characters    %  matches exactly one character

Minimum search word length is 4 characters - maximum search word length is 84 characters

Topic RSS
Site hacked using cforms - how to prevent this in the future?
February 14, 2013
7:59 pm
jesseamber
Guest

My client's site was recently compromised using the form fields on her contact page, which is created by the cforms plugin. Unfortunately I don't have a lot of information -- they are a new client, I did not create the website and do not host it. The site was hacked, client contacted host company (GoDaddy) who informed her that code had been input into their contact request form, corrupting the site.

GoDaddy instructed her to add a Captcha and limit the number of characters per field. They restored her site (again, not sure of the details, I'm guessing from a backup).

As a quick and dirty solution, I've added a user verification field instead of a Captcha because it was easier with the layout of the site. I'm not seeing an easy way to limit the number of characters per field. It seems that should be a built-in feature for single line text fields!

At this point I'm not convinced that the same thing won't happen again. I'm tempted to switch to another contact form plugin but am not that familiar with the site and want to save time by working with what's already implemented. Are there other security measures I can take? Has anyone else had this problem?

Forum Timezone: Europe/Berlin

Most Users Ever Online: 959

Currently Online:
22 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

tracedef: 43

mores: 21

Gyrus: 20

frozenwaste: 18

asuffredini: 15

photoworks: 14

Member Stats:

Guest Posters: 3757

Members: 1463

Moderators: 3

Admins: 2

Forum Stats:

Groups: 1

Forums: 4

Topics: 5356

Posts: 18735

Newest Members: juredujmovic, dreamkeeper, rajattyagi, wrokaa, lukass

Moderators: Paul (421), cnymike (8), sonika (95)

Administrators: Oliver (6400), Nicky (3)