Why would a spammer do this?

@SamA74 so if I am not using a database, my only risk is reading an email that may contain malicious html, js or css - am I correct ?
And if I use htmlentities I can protect against that ?
Presumably if I do integrate with a database then prepared statements and htmlentities should be enough ?

I have it set at 1.5 seconds. It’s a variable you could tweak to suit, but that seems to work well for me.
I have set reporting, so I get notified when something is triggered, and why. Some are longer than a second, but I have yet to see one get through taking longer than 1.5.

Note in this example, I’m also reporting validation errors. Things like message length can be innocent, if a user’s browser does not support validation attributes on inputs (in this case maxlength), so it’s not a trigger for throwing a message out.
But some validation errors can be triggers, like fields that should be set, not being set, or system set values being something other than they should be (Eg, IDs in a 'select` drop-down), an invisible “honypot” being filled in, Etc. There are many wasy to catch out the bots.

If you are not connecting to a database, I don’t see how your databasse can be at risk.
The risks are as stated by others above, though maybe someone can think of more.

Always escape any data written to HTML, partucularly user input.

Use prepared statements to input your data, use escaping when writing retrieved data.

If you are happy that everything is secure, the risk is just the annoyance of being bombarded with spam.
Though with my reporting, I do get an email ever time a bot triggers my security system. But with that, the annoyance is turned to smug satisfaction that I out-smarted them.
If there were several every day, it may get tiresome and get switched off, but I don’t get too many. The reports are a useful way to monitor how they work, and the strengths and weaknesses of the system, so I can learn from it. Eg, I know the timer works well, and in the past I have noticed some false positive errors I have been able to fix.


This topic was automatically closed 4 days after the last reply. New replies are no longer allowed.