Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > HTML > Email form weirdness

Reply
Thread Tools

Email form weirdness

 
 
Neal
Guest
Posts: n/a
 
      12-07-2004
I got an email from the email form on the site I maintain (NMS Formmail).
I have it configured to send REMOTE_HOST, REMOTE_ADDR, HTTP_USER_AGENT and
HTTP_REFERER. The referer should be http://opro.org/email.html because
that's where the form is at.

This email, however, did not contain the referer. The other 3 were there.
The HTTP_USER_AGENT was:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser
[avantbrowser.com]; .NET CLR
1.1.4322)

I'm under the impression that NMS is rather secure. So what happened here?
Should I be worried? Should I do something about this? Or was this normal
in some fashion?
 
Reply With Quote
 
 
 
 
Inger Helene Falch-Jacobsen
Guest
Posts: n/a
 
      12-07-2004
Neal wrote:
> I got an email from the email form on the site I maintain (NMS
> Formmail). I have it configured to send REMOTE_HOST, REMOTE_ADDR,
> HTTP_USER_AGENT and HTTP_REFERER. The referer should be
> http://opro.org/email.html because that's where the form is at.
>
> This email, however, did not contain the referer. The other 3 were
> there. The HTTP_USER_AGENT was:
>
> Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser
> [avantbrowser.com]; .NET CLR
> 1.1.4322)
>
> I'm under the impression that NMS is rather secure. So what happened
> here? Should I be worried? Should I do something about this? Or was this
> normal in some fashion?


I don't know if this is useful, but I get the same
thing when I send email from my own form
http://home.no.net/ingernet/cont.php
using Firefox. Only when I use Opera or Internet
Explorer, the referring page is included.


--
Inger Helene Falch-Jacobsen
http://home.no.net/ingernet/
 
Reply With Quote
 
 
 
 
Neal
Guest
Posts: n/a
 
      12-07-2004
Inger:

> I don't know if this is useful, but I get the same thing when I send
> email from my own form
> http://home.no.net/ingernet/cont.php
> using Firefox. Only when I use Opera or Internet Explorer, the referring
> page is included.


Just tested with Firefox, it sends the referer.

Anyone using Avant want to send me an obvious test message to see if it
leaves off the referer by default? Say "martini" or something I'll
recognize...
 
Reply With Quote
 
Mark Parnell
Guest
Posts: n/a
 
      12-07-2004
Previously in alt.html, Neal <(E-Mail Removed)> said:

> I got an email from the email form on the site I maintain (NMS Formmail).
> I have it configured to send REMOTE_HOST, REMOTE_ADDR, HTTP_USER_AGENT and
> HTTP_REFERER. The referer should be http://opro.org/email.html because
> that's where the form is at.
>
> This email, however, did not contain the referer. The other 3 were there.


Many ISPs and proxy servers do not send the REFERER header, or send a
spoofed one. This will probably be the first of many.

--
Mark Parnell
http://www.clarkecomputers.com.au
 
Reply With Quote
 
Inger Helene Falch-Jacobsen
Guest
Posts: n/a
 
      12-07-2004
Inger Helene Falch-Jacobsen wrote:

> I don't know if this is useful, but I get the same thing when I send
> email from my own form
> http://home.no.net/ingernet/cont.php
> using Firefox. Only when I use Opera or Internet Explorer, the referring
> page is included.
>
>


Ping Beauregard T. Shagnasty:
I got your mail, with referer
http://home.no.net/ingernet/cont.php
and
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
rv:1.7.5) Gecko/20041107 Firefox/1.0
and your IP address - you're in the States!

My browser is
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.7) Gecko/20040707 Firefox/0.8
About time to upgrade?


--
Inger Helene Falch-Jacobsen
http://home.no.net/ingernet/
 
Reply With Quote
 
Beauregard T. Shagnasty
Guest
Posts: n/a
 
      12-07-2004
Inger Helene Falch-Jacobsen wrote:

> Ping Beauregard T. Shagnasty:


Hey there!

> I got your mail, with referer
> http://home.no.net/ingernet/cont.php
> and
> Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107
> Firefox/1.0
> and your IP address - you're in the States!


That is all correct. Normally, I have the referer box unchecked. If
you add the PrefBar extension, you can make it readily available on
the toolbar. Works in both Moz and Firefox.
http://home.rochester.rr.com/bshagna...ges/mozbar.png

> My browser is
> Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707
> Firefox/0.8
> About time to upgrade?


Yes. And Thunderbird 1.0 was just released as well.

--
-bts
-This space intentionally left blank.
 
Reply With Quote
 
Mark Parnell
Guest
Posts: n/a
 
      12-07-2004
Previously in alt.html, "Beauregard T. Shagnasty"
<(E-Mail Removed)> said:

> Yes. And Thunderbird 1.0 was just released as well.


Thanks for that - hadn't seen it yet. Downloading now...

--
Mark Parnell
http://www.clarkecomputers.com.au
 
Reply With Quote
 
Inger Helene Falch-Jacobsen
Guest
Posts: n/a
 
      12-08-2004
Beauregard T. Shagnasty wrote:

> That is all correct. Normally, I have the referer box unchecked. If you
> add the PrefBar extension, you can make it readily available on the
> toolbar. Works in both Moz and Firefox.
> http://home.rochester.rr.com/bshagna...ges/mozbar.png


I already have the Web Developer bar, and it does
the same thing. You're a genious! I get the
referer now that Disable Referrer Logging is
unchecked. And another contact form that just gave
me an error message earlier this evening, works
perfectly now! Wow!
I also learnt that referer is correctly spelled
with 2 r's in the middle. Amazing how much
knowledge one can gather in just a few hours...

>> About time to upgrade?


> Yes. And Thunderbird 1.0 was just released as well.


I'll get them both as soon as possible (maybe get
some sleep now and do it tomorrow).


--
Inger Helene Falch-Jacobsen
http://home.no.net/ingernet/
 
Reply With Quote
 
Neal
Guest
Posts: n/a
 
      12-08-2004
Mark Parnell:

> Many ISPs and proxy servers do not send the REFERER header, or send a
> spoofed one. This will probably be the first of many.


Yep. I confirmed this by turning off referer support in Opera. I had never
encountered this before.

I wonder why people would want to not send the referer...
 
Reply With Quote
 
Neal
Guest
Posts: n/a
 
      12-08-2004
Beauregard T. Shagnasty:

> Normally, I have the referer box unchecked.


Why? I request the referer in order to confirm that no other entity is
trying to hack into my mail form. Am I being stupid? (I do that
sometimes...)
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Multiple form weirdness in IE6 Rob Javascript 3 01-31-2008 05:45 PM
How to have email form send email and start file download bmurphy@xlrotor.com Javascript 13 05-14-2006 06:27 PM
email weirdness at Outlook Exp mistuh Computer Support 2 03-26-2006 05:07 PM
Client-side JavaScript weirdness with assigning a form element -in Windows / IE6 only. Any ideas? Doug Lerner Javascript 5 01-22-2006 12:28 AM
Tkinter WEIRDNESS or Python WEIRDNESS? steve Python 4 03-13-2005 12:34 AM



Advertisments