• jtlessons

    (@jtlessons)


    Hi, I have a Schedule Free Lesson form on my site:
    http://www.jeffrey-thomas.com

    I get batches of 4 to 5 emails through this form and they are all bogus with fake emails and only a few fields filled out.

    Is it possible to be hacked by these emails somehow? It has been going on for quite some time. I just ran a site scan with Sucuri and the site is clean. I just don’t know why someone would bother sending these emails to me through the form unless they have an agenda. Thanks, Jeff

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    *Clicks site link, gets auto-played video, quickly closes tab*

    I get batches of 4 to 5 emails through this form and they are all bogus with fake emails and only a few fields filled out.

    That’s probably just spam. What are you using to generate that scheduling form?

    Thread Starter jtlessons

    (@jtlessons)

    Hey Jan, no need for panic on your part. I have lesson files set to auto play because people are not smart enough to know they are there if I don’t have it set to auto play.

    The form is just direct to my email as far as I know.
    Thanks

    Michael Beil

    (@michaelbeil)

    You might use a captcha field within your scheduling form to prevent spam.

    Moderator bcworkz

    (@bcworkz)

    I agree this is just spam, but to partly answer your question, it is possible to get hacked from a form submit if the form contents are saved in the DB. This is how SQL injection attacks work. It’s easy to prevent by validating and sanitizing all input.

    In your case where the form contents are forwarded to email and never stored on your DB, I believe you are pretty safe. There used to be attack vectors like buffer overruns, but I would expect modern systems are protected from such attacks. I don’t claim to be a security expert though, I could be wrong about the safety of form contents being emailed. I would still validate and sanitize content destined for email because the content will be stored somewhere, even if not my server. No one wants to be responsible for relaying malicious content.

    And my take on auto-play if you don’t mind. You do need to make things important to your site easy for clueless people to find, no argument. I question if auto-play is the way to do it. I would suggest you lose more users like Jan and me due to auto-play than you gain by making content easy to find for the clueless. It is not out of fear that I quickly close such pages, it is out of annoyance. I maintain you can make content easy to find with proper page design without the need for auto-play.

    Admittedly, I don’t know your target audience nor what you are offering besides lessons of some sort. I do know auto-play annoys a lot of people. It is your site, you may do with it as you please. I’m not suggesting you should do as I would like, just that if you haven’t, you might consider if the auto-play advantages really do outweigh the drawbacks.
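
The validate-and-sanitize advice in bcworkz's reply above, as an added example that is not part of the thread or the site's own code: plain PHP that checks each form field according to where it ends up (mail header, mail body, database) and stores it with a prepared statement. The field names, the `lesson_requests` table, the addresses and the sample submissions are assumptions, and an in-memory SQLite database stands in for a real one.

```php
<?php
// Added example. Field names, table name and addresses are assumptions.
// Returns [cleaned fields, list of rejected field names].
function validate_lesson_request(array $in): array {
    $name  = trim((string)($in['name'] ?? ''));
    $email = trim((string)($in['email'] ?? ''));
    $msg   = trim((string)($in['message'] ?? ''));
    $bad   = [];
    // Name goes into the Subject header: reject CR/LF and other control bytes.
    if ($name === '' || strlen($name) > 100 || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        $bad[] = 'name';
    }
    // Email goes into Reply-To: must be a single well-formed address.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $bad[] = 'email';
    }
    // Message is body text: drop control bytes except tab and newline.
    $msg = preg_replace('/[\x00-\x08\x0B-\x1F\x7F]/', '', $msg);
    if ($msg === '' || strlen($msg) > 2000) {
        $bad[] = 'message';
    }
    return [['name' => $name, 'email' => $email, 'message' => $msg], $bad];
}

// Stores with a prepared statement: values are bound, never spliced into SQL.
function store_request(PDO $db, array $req): void {
    $stmt = $db->prepare('INSERT INTO lesson_requests (name, email, message) VALUES (?, ?, ?)');
    $stmt->execute([$req['name'], $req['email'], $req['message']]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE lesson_requests (name TEXT, email TEXT, message TEXT)');
// Constructed sample submissions.
$samples = [
    ['name' => 'Pat Lee', 'email' => 'pat@example.com', 'message' => "It's for my son; Tuesdays?"],
    ['name' => "Pat\r\nextra line", 'email' => 'pat@example.com', 'message' => 'hi'],
    ['name' => 'x', 'email' => 'not-an-address', 'message' => ''],
];
foreach ($samples as $i => $in) {
    [$req, $bad] = validate_lesson_request($in);
    if ($bad) { echo "sample $i rejected: " . implode(', ', $bad) . "\n"; continue; }
    store_request($db, $req);
    $subject = 'Lesson request from ' . $req['name'];
    $headers = 'Reply-To: ' . $req['email'];
    echo "sample $i stored; $subject; $headers\n";
}
echo $db->query('SELECT COUNT(*) FROM lesson_requests')->fetchColumn() . " row(s) stored\n";
```

The first sample contains a quote and a semicolon and is still stored verbatim, because bound parameters are treated as data; the other two are rejected before anything reaches the database or a mail header.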

    Thread Starter jtlessons

    (@jtlessons)

    Thank you bcworkz for the excellent answer and I apologize for the auto play tangent. It’s impossible to get anyone to stay on-task with their answers.

    I will have my webmaster read your first 2 paragraphs.
    Thanks!

  • The topic ‘Can you get hacked by email?’ is closed to new replies.