Tempusfugit UK

Webforms - a hacker target

Having run a Linux webserver for a number of years I am very aware of this threat. I have also attempted to run a Wordpress blog and the abuse of comment forms was one of the reasons that I abandoned Wordpress. Similarly, I gave up hosting my own Linux webserver as I grew tired of "fighting" with the spammers!

The Attack Vector

Basically when you place a form on your website it is an open invitation for those so inclined to attempt to access your server's resources. Depending on what the forms function is the result can range from bogus emails being sent from your email form to spam comments on your feedback forms. In an extreme case of a log-in form being compromised your site can be defaced, shut-down or you can be held to ransom.


External Sources