close ad
WARNING: Do Not Install the DREAMWEAVER CC 2017 or 2018 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Major problem with contact form and captcha getting attacked

Thread began 5/04/2014 8:05 am by bryan107833 | Last modified 5/08/2014 1:39 pm by Jason Byrnes | 706 views | 9 replies |

bryan107833

Major problem with contact form and captcha getting attacked

My host has now blocked my contact page due to attack of the captcha image. I have attached the file and hope you can help ASAP. Thank you.

From host -
The script/page seems to have some recursive problem or other.
Because it seems like when a connection is make there is this massive
amplification of PHP processes (contact.php and
/WA_ValidationToolkit/WAVT_CaptchaSecurityImages.php back and forth)

Sign in to reply to this post

Jason ByrnesWebAssist

Please provide a Skype username or a US phone number and a good time to contact you when you will be in front of your computer and we will have an engineer contact you to resolve this issue over the phone.

We are available Monday - Friday from 9am - 4pm EST (except major U.S. holidays).

Sign in to reply to this post

bryan107833

Below is number. I am available this afternoon at 3:30 to 4:00 or tomorrow between 9 and 11:00. Thank you.

Sign in to reply to this post

Jason ByrnesWebAssist

I have forwarded your contact info to Ray, He should be contacting you today or tomorrow to look into the problem .

Sign in to reply to this post

bryan107833

This is a big issue as the contact form has been disabled from my server due to this abuse. Please contact me ASAP. If you can not call today I should be available tomorrow from 1:00 - 4:00. Thank you.

Any idea when I met get a call? Thank you.

Sign in to reply to this post

Jason ByrnesWebAssist

I have forwarded your message to Ray and Asked him to contact you today.

Sign in to reply to this post

bryan107833

Just letting you know that I have spoken with Ray and I am waiting for some additional information from my hosting company. Thank you.

Sign in to reply to this post

Jason ByrnesWebAssist

Ok, you're welcome.

Sign in to reply to this post

bryan107833

Here is the response from my server. (Remember I am only quoting their response.)

----------------------------------------
How old are these scripts would be my first question?

I believe I saw 2010 on many.
It's possible hackers are attempting to break in through some known
exploit in this script set.

Personally I'm not seeing that the contact form is doing these folks much
favors.
Why not just set a text only page with reference to phone numbers and
email contact address (saving everyone a lot of time)?

Nowadays most people know how to type email addresses (not like the old
days when we first started and felt people were so dumb they needed a form
with a submit button. :)

I've added some log info bottom of this email, but here's the thing. When
the script was bringing down the server, there were only a few connections
as well. This leads me to believe there is something wrong in the
scripting somewhere.

?Original Message-----

./calicosmetics.com:192.73.236.70 - - [08/May/2014:05:37:39 -0700] "GET
/contact.php HTTP/1.0" 404 7581 "https://www.calicosmetics.com/"
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com:192.73.236.70 - - [08/May/2014:05:37:40 -0700] "GET
/product.php?PL=Oliva%20Green&PN=Baci HTTP/1.0" 200 8096
"https://www.calicosmetics.com/contact.php" "Mozilla/5.0 (compatible; MSIE
9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com:117.26.201.131 - - [08/May/2014:05:52:26 -0700] "GET
/contact.php HTTP/1.1" 404 7581 "-" "Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1; SV1)"
./calicosmetics.com:74.221.212.33 - - [08/May/2014:07:40:01 -0700] "GET
/contact.php HTTP/1.0" 404 7581 "https://www.calicosmetics.com/"
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com:74.221.212.33 - - [08/May/2014:07:40:25 -0700] "GET
/product.php?PL=Oliva%20Green&PN=Baci HTTP/1.0" 200 8096
"https://www.calicosmetics.com/contact.php" "Mozilla/5.0 (compatible; MSIE
9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com-ssl_log:192.73.236.70 - - [08/May/2014:05:37:39 -0700]
"GET /contact.php HTTP/1.0" 404 7581 "https://www.calicosmetics.com/"
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com-ssl_log:192.73.236.70 - - [08/May/2014:05:37:40 -0700]
"GET /product.php?PL=Oliva%20Green&PN=Baci HTTP/1.0" 200 8096
"https://www.calicosmetics.com/contact.php" "Mozilla/5.0 (compatible; MSIE
9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com-ssl_log:74.221.212.33 - - [08/May/2014:07:40:01 -0700]
"GET /contact.php HTTP/1.0" 404 7581 "https://www.calicosmetics.com/"
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com-ssl_log:74.221.212.33 - - [08/May/2014:07:40:25 -0700]
"GET /product.php?PL=Oliva%20Green&PN=Baci HTTP/1.0" 200 8096
"https://www.calicosmetics.com/contact.php" "Mozilla/5.0 (compatible; MSIE
9.0; Windows NT 6.1; Trident/5.0)"

Original Message-----

./calicosmetics.com:192.73.236.70 - - [08/May/2014:05:37:39 -0700] "GET
/contact.php HTTP/1.0" 404 7581 "https://www.calicosmetics.com/"
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com:192.73.236.70 - - [08/May/2014:05:37:40 -0700] "GET
/product.php?PL=Oliva%20Green&PN=Baci HTTP/1.0" 200 8096
"https://www.calicosmetics.com/contact.php" "Mozilla/5.0 (compatible; MSIE
9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com:117.26.201.131 - - [08/May/2014:05:52:26 -0700] "GET
/contact.php HTTP/1.1" 404 7581 "-" "Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1; SV1)"
./calicosmetics.com:74.221.212.33 - - [08/May/2014:07:40:01 -0700] "GET
/contact.php HTTP/1.0" 404 7581 "https://www.calicosmetics.com/"
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com:74.221.212.33 - - [08/May/2014:07:40:25 -0700] "GET
/product.php?PL=Oliva%20Green&PN=Baci HTTP/1.0" 200 8096
"https://www.calicosmetics.com/contact.php" "Mozilla/5.0 (compatible; MSIE
9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com-ssl_log:192.73.236.70 - - [08/May/2014:05:37:39 -0700]
"GET /contact.php HTTP/1.0" 404 7581 "https://www.calicosmetics.com/"
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com-ssl_log:192.73.236.70 - - [08/May/2014:05:37:40 -0700]
"GET /product.php?PL=Oliva%20Green&PN=Baci HTTP/1.0" 200 8096
"https://www.calicosmetics.com/contact.php" "Mozilla/5.0 (compatible; MSIE
9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com-ssl_log:74.221.212.33 - - [08/May/2014:07:40:01 -0700]
"GET /contact.php HTTP/1.0" 404 7581 "https://www.calicosmetics.com/"
"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
./calicosmetics.com-ssl_log:74.221.212.33 - - [08/May/2014:07:40:25 -0700]
"GET /product.php?PL=Oliva%20Green&PN=Baci HTTP/1.0" 200 8096
"https://www.calicosmetics.com/contact.php" "Mozilla/5.0 (compatible; MSIE
9.0; Windows NT 6.1; Trident/5.0)"
-------------------------------
I hope this helps.

Sign in to reply to this post

Jason ByrnesWebAssist

  How old are these scripts would be my first question?  



When did you create the contact form? With what version of Form Builder?

My first question would rather be:
When the form is being accessed like this, are you getting emails through through?

if not, then as the host tech said, they may be trying to find a vulnerability, but are not succeeding.

that log shows that there are 3 IP addresses accessing the page:

192.73.236.70
74.221.212.33
117.26.201.131


you could use HTAccess to prevent access to your site from those IP's:
http://www.htaccess-guide.com/deny-visitors-by-ip-address/

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...