Issue with hacker

7 posts by 5 authors in: Forums > CMS Builder
Last Post: April 30   (RSS)

By nmsinc - April 25

I have an issue with a malicious hacker who two to three times a week completes a new subscriber form. I record the users IP address so that I can enter it into a blocked list. However, he/she uses a different IP address each time.

I do not think he/she is gaining access as the system. What has me perplexed though, each time the new account is created, the record number assigned is either 8, 9, 10 11, or 12. These are empty record files on the system. I erase the records each time the hacker completes the form so the next record should be in sequence, or should it?

The hacker also completes every field of the form when it's not required as seen below. He/she also uses a different, but valid email address each time!

Blanda - Raynor
Eulah Jast
7055 Shayna Lock
7055 Shayna Lock
East Justusport, NE 33253
PHONE: (903) 597-6685 x98397

Any ideas or help to prevent this would be appreciated. 

 Any help would be appreciated.


By kitsguru - April 27

Are you using an sort of captcha? you can add googles recaptcha which works well.

You can also use hidden inputs and check those to see if modified. I have added three hidden inputs on some of my forms. One empty value, one set to 1 and one set to a string. if any  value is altered, the form does not get processed.


Jeff Shields

By gkornbluth - April 27

Hi Nmsinc,

If you need them there are recipes on implementing Google recaptcha in the CMSBCookbook.

Stay safe,

Jerry Kornbluth

The first CMS Builder reference book is now available on-line!

Take advantage of a free 3 month trial subscription, only for CMSB users, at:

By Zicky - April 28

Create a honey pot for those pest to taste. Add the code below "before" your mysql insert into table lines of code on the page that your sign up form exist. You can spin off additional honey pots or various types for almost any type of pest control.

//Pest Control
$pest = $_POST['your_accesscode'];
  if($pest) {
  //#kill pest
  header ("Location: ".$url);
  } else {
    // Process form like normal

Then add a hidden input to your sing up form.

<div class="accesscode"><input type="text" name="your_accesscode" class="accesscode" placeholder="Access Code"></div>

Then a little CSS to make the input field hidden.

.accesscode {
    display: none !important;

Hope you find this helpful.


By nmsinc - April 29

Hi Greg,

Yes, i'm using the membership plugin!


By gregThomas - April 30

Hey nmsinc,

If you're interested, I can review the sites sign up page to see if I can find why those num values are being reused. If you send an email to with a link to the sites login page along with FTP details, I can take a closer look.



Greg Thomas

PHP Programmer -