ASP Programming
 
  #1  
Old May 6th, 2003, 04:03 PM
bayman
hidden form action

Is there a way with ASP or Java to hide the form action part of a form? I have someone that has found the location of a script by looking at the source of one of my forms. They run some type of script that tries to post bogus info from 6:00 in the morning till 12:00 in the afternoon. Although it gets denied due to wrong input by the user, it sends administrative emails that are annoying (hundreds). If the user only saw the client side (below), they could not do it. Is there a way?

Bayman

Example:

<form action="" method=post>
7 Digit Pager Number<br>
<input type=hidden name=USER value="">

<input type=text size=9 maxlength=7 name=SUBJECT value="">

<input type=hidden size=25 maxlength=15 name=FRM value="">


<p>
Message<br>
<input type=text size=50 maxlength=80 name=MSG value="">


<p>
<input type=submit value="Send Page!">
</form>

  #2  
Old May 7th, 2003, 07:37 AM
imbrokn
There is no way to do that client side. Why don't you record the IP address of the guy doing this to you, then you can just weed out any requests he tries to send. If you have access to IIS, I would just restrict his IP from the site.

  #3  
Old May 7th, 2003, 12:47 PM
defjamninja
Maybe do something to the effect of after 3 bogus attempts ignore the IP. After an IP is blocked you should write all attempts from that IP to input bogus values along with a time and date stamp. You could then report them to their ISP.
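A sketch of the strike counter suggested in the post above, placed at the top of the form's target page. It is an added example, not code from any poster in the thread: the log path, the function names and the validation rule (7 digits and a message of 1 to 80 characters, read off the form's own maxlength values) are assumptions.

```asp
<%
' Added example (not from the thread): per-IP strike counter in Application state.
Const MAX_STRIKES = 3                         ' "after 3 bogus attempts"
Const LOG_PATH = "C:\logs\pager_blocked.log"  ' hypothetical path, outside the web root

' Assumed validation rule, taken from the form's own limits.
Function InputIsValid()
  Dim re, pager, msg
  pager = Request.Form("SUBJECT") & ""        ' & "" turns a missing field into ""
  msg = Request.Form("MSG") & ""
  Set re = New RegExp
  re.Pattern = "^\d{7}$"
  InputIsValid = re.Test(pager) And Len(msg) >= 1 And Len(msg) <= 80
End Function

' True once this IP has MAX_STRIKES rejected submissions on record.
Function IsBlocked(ip)
  Dim n
  n = Application("strikes_" & ip)            ' Empty if the IP has no strikes yet
  If IsEmpty(n) Then n = 0
  IsBlocked = (n >= MAX_STRIKES)
End Function

' Count one rejected submission; Lock/Unlock serialises concurrent requests.
Sub AddStrike(ip)
  Application.Lock
  Application("strikes_" & ip) = Application("strikes_" & ip) + 1   ' Empty + 1 = 1
  Application.Unlock
End Sub

' Timestamped record of attempts made after the block (length only, never raw input).
Sub LogBlocked(ip)
  Dim fso, f
  Set fso = Server.CreateObject("Scripting.FileSystemObject")
  Set f = fso.OpenTextFile(LOG_PATH, 8, True) ' 8 = ForAppending, create if missing
  f.WriteLine Now() & vbTab & ip & vbTab & "MSG length " & Len(Request.Form("MSG") & "")
  f.Close
End Sub

Dim clientIp
clientIp = Request.ServerVariables("REMOTE_ADDR")
If IsBlocked(clientIp) Then
  LogBlocked clientIp                         ' log and stop: no admin e-mail is sent
  Response.Status = "403 Forbidden"
  Response.End
ElseIf Not InputIsValid() Then
  AddStrike clientIp
  Response.Write "Invalid pager number or message."
  Response.End
End If
' Valid request from an unblocked IP: the existing paging code continues from here.
%>
```

The counters live in memory until the application restarts, and every client behind one NAT or proxy address shares a single counter.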

  #4  
Old May 17th, 2003, 04:44 AM
ngibsonau
If the action points to an ASP page you can check the Request.ServerVariables("HTTP_REFERER") and only process form data that has come from your script.

Here is a function that tests if the form was posted from the script with the same name, e.g. the form is in test.asp and the action is test.asp.

Code:
' Test if the previous page and the current page are the same,
' ignoring the query string
' @return True if the last page is the same as the current, False otherwise
Function wasSelf()
  Dim url
  Dim referer
  Dim ext
  Dim qpos

  Dim fsobj
  Set fsobj = Server.CreateObject("Scripting.FileSystemObject")

  ' GetExtensionName returns the query string too (e.g. "asp?id=1"),
  ' so keep only the part before the "?"
  ext = fsobj.GetExtensionName(Request.ServerVariables("HTTP_REFERER"))
  qpos = InStr(ext, "?")
  If qpos > 0 Then
    ext = Left(ext, qpos - 1)
  End If

  url = "http://" & Request.ServerVariables("HTTP_HOST") & Request.ServerVariables("URL")
  referer = fsobj.GetParentFolderName(Request.ServerVariables("HTTP_REFERER")) & "/" & fsobj.GetBaseName(Request.ServerVariables("HTTP_REFERER")) & "." & ext


  If LCase(url) = LCase(referer) Then
    wasSelf = True
  Else
    ' this handles default.asp when a directory name is given without any filename
    If Lcase(fsobj.getFilename(url)) = "default.asp" AND ((fsobj.GetParentFolderName(url) & ".") = referer) Then
      wasSelf = True
    Else
      wasSelf = False
    End If

  End If

'response.write url & "<br>"
'response.write referer & "<br>"
'response.write wasSelf & "<br>"

  set fsobj = Nothing
End Function
__________________
--

ngibsonau
