The Vulnerability Of Modern Websites
I have been thinking for a while about just how vulnerable websites are these days.
I have spent the past 8 years generating leads via websites using contact forms. In truth, the whole idea of a contact form is flawed.
Right now people use captcha to try and secure their forms from spam, but this will not protect them, especially against malicious attacks.
Let's say your business is set up around the concept that people visit your website, complete a form, and one of your sales guys calls him back to put the close on him.
This method works great, using telesales you can get much higher margins and close rates.
BUT... it is extremely vulnerable to attack.
Let me paint the following picture.
You get the phone book and input it into a database.
You create around 50 sentences related to the product of the victim.
THEN... You create some software that...
- Scans for open proxies to use with submissions
- Completes forms on victim's website using random details from the phone book (when they call them there will actually be someone with that name answering, imagine the wasted time!)
- Spins comments field using inputted sentences and thesaurus alterations.
- Breaks any captcha they put on it
What can we do to protect against this?
I have thought about possibly using Java or Flash to create the forms and randomly change the order and field names, but even this wouldn't work. There are readily available libraries that can easily identify the sections by changing the monitor view to a jpg and detecting them.
Right now to get attacked like this is unlikely unless you piss off a programmer, but what about when inevitably someone, somewhere develops a "security tool" that automates this process?
What do we do then?
I'm not panicked or worried, it's just that this has been buzzing round in my head. I really can't see any way to protect against it.
Are contact forms doomed to fail?
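The scenario above spins around 50 seed sentences with thesaurus swaps, so comments from one campaign remain near-duplicates of each other even when the names and source addresses differ. As an added example (not part of the original post), this Python clusters submitted comments by word-set Jaccard similarity and returns the ones that belong to a large cluster; the threshold, minimum cluster size and sample comments are constructed assumptions.

```python
import re

def tokens(text):
    """Lower-cased word set; word order and punctuation are ignored."""
    return frozenset(re.findall(r"[a-z0-9']+", text.lower()))

def jaccard(a, b):
    """Shared words divided by all words used in either comment."""
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster_comments(comments, threshold=0.6):
    """Greedy leader clustering: a comment joins the first cluster whose
    leader it resembles, otherwise it starts a new cluster.
    Returns a list of clusters, each a list of comment indices."""
    leaders, clusters = [], []
    for i, text in enumerate(comments):
        t = tokens(text)
        for k, lead in enumerate(leaders):
            if jaccard(t, lead) >= threshold:
                clusters[k].append(i)
                break
        else:
            leaders.append(t)
            clusters.append([i])
    return clusters

def suspicious(comments, threshold=0.6, min_size=3):
    """Indices of comments that sit in a cluster of at least min_size."""
    return sorted(i for c in cluster_comments(comments, threshold)
                  if len(c) >= min_size for i in c)

# Constructed sample: four spun variants of one sentence plus two
# unrelated enquiries (no real submissions are used here).
SAMPLE = [
    "Please call me about a quote for double glazing on my house",
    "Please ring me about a quote for double glazing on my home",
    "Please phone me regarding a quote for double glazing on my house",
    "Do you fit conservatories in the Leeds area? I need one before winter",
    "Kindly call me about a price for double glazing on my house",
    "My back door lock is broken, can someone come out this week?",
]

if __name__ == "__main__":
    print(cluster_comments(SAMPLE))  # clusters of comment indices
    print(suspicious(SAMPLE))        # indices to hold for manual review
```

Short genuine enquiries can also resemble one another, so a hit is a reason to queue a lead for review before a callback, not to discard it automatically.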