Server Side Form Validation

daniel@morellwebsolutions.com created the topic: Server Side Form Validation

Some malicious individual is spamming the forms on a few of my websites.

They appear to be intercepting the POST headers and modifying them before they are submitted to the server. This is not very hard to do. Based on the frequency, it would seem that this is done programmatically, not manually.

To ensure a human's input is correct, I need to use the JavaScript validation to validate that the data is correct before submission. However, once the data is submitted, I need it to be passed through server-side validation that mirrors the JavaScript client-side validation to ensure the data was not modified by a proxy interceptor and/or someone is just throwing POST headers at my server.

Now for the actual question.

What is the simplest way to set server-side validation in Breezing Forms? I essentially want to duplicate all validation rules: one set client-side, one set server-side.

If the server-side validation fails, I would like the data to not be written to the database or have email notifications sent.

Some assistance would be greatly appreciated.
#220563

DarkoCujic replied the topic: Server Side Form Validation

Hey,

Server-side validation is not too difficult to do, but there might be other options. Adding an SSL certificate to your site helps a lot, as it encrypts all the headers, making it more difficult for attackers to modify them.
I assume you're already using reCaptcha on all those sites?

For the server-side validation, basically what you would do is have a Before Form piece that checks if there's anything posted to it, parses the data and does all the checks on specific elements. Then every element should have an AJAX call for validating + a call to JS validation (default validation). This might get a bit traffic heavy if your forms are bigger.

Kind regards,
Darko

#220576

daniel@morellwebsolutions.com replied the topic: Server Side Form Validation

Hey DarkoCujic,

Thanks for the help. I have both an SSL and reCaptcha.

It was really puzzling me how they were getting so much spam through until a few days ago. A form submission included only one of the four required fields.

At that point, I knew they were bypassing the validation. I knew the simplest way to do it would be to modify the headers using a proxy.

I ran a quick check with Burp and was able to bypass the validation in about 1 minute without any trouble.

Do you have any documentation/examples for server-side validation?
#220642
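
A sketch of the server-side check discussed in this thread, as an added example that is not part of any post and is not Breezing Forms code: plain PHP that re-applies the form's rules to the raw POST data and rejects the request before anything is stored or mailed. The four field names and their rules are hypothetical, and how the function is wired into a form's server-side piece is not shown.

```php
<?php
// Added example: field names and rules are hypothetical, not from Breezing Forms.
// Each rule mirrors a client-side check; the server treats every value as untrusted.
const RULES = [
    'name'    => ['max' => 100,  'pattern' => '/^[\p{L} .\'-]+$/u'],
    'email'   => ['max' => 254,  'email' => true],
    'phone'   => ['max' => 20,   'pattern' => '/^\+?[0-9 ()-]{7,20}$/'],
    'message' => ['max' => 2000, 'min' => 10],
];

function validate_submission(array $post): array
{
    $errors = [];
    foreach (RULES as $field => $rule) {
        $value = $post[$field] ?? null;
        // A crafted request can omit a field or send it as an array (name[]=x).
        if (!is_string($value) || trim($value) === '') {
            $errors[$field] = 'required';
            continue;
        }
        $value = trim($value);
        $len = mb_strlen($value); // needs the mbstring extension
        if ($len > $rule['max'] || $len < ($rule['min'] ?? 1)) {
            $errors[$field] = 'length';
        } elseif (isset($rule['pattern']) && !preg_match($rule['pattern'], $value)) {
            $errors[$field] = 'format';
        } elseif (!empty($rule['email']) && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[$field] = 'format';
        }
    }
    return $errors;
}

// Constructed sample: a request that carries only one of the four required fields.
$crafted = ['message' => 'Visit my site for cheap offers'];
$errors  = validate_submission($crafted);

if ($errors !== []) {
    // Stop here: no database write, no notification e-mail.
    http_response_code(400);
    echo 'Rejected: ' . implode(', ', array_keys($errors)) . PHP_EOL;
} else {
    echo 'Accepted' . PHP_EOL; // only now store the record and send mail
}
```

Keeping the rules in one table makes it easier to keep the JavaScript checks and the server checks in step; the server copy is the one that decides whether the submission is processed.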

williamhold replied the topic: Server Side Form Validation

#234802