Parameter xxxxxx is not known by module Search dropped

JamesT · Post by **JamesT** » Thu Dec 31, 2015 5:04 pm

Occasionally we see the error "Parameter xxxxxx is not known by module Search dropped" reported here. I see it occasionally in my logs.

I know why it occurs. Some badly programmed spam bots submit forms on the website using parameters which are not present within the <form> tags. This in turns triggers the error message mentioned earlier.

For instance this piece of code would simulate a poorly programmed spam bot submitting the search form using a parameter not present on the website:

Code: Select all

<form id="cntnt01moduleform_1" method="get" action="http://www.yourwebsite.co.uk/" class="cms_form">
<div class="hidden">
<input type="hidden" name="mact" value="Search,cntnt01,dosearch,0" />
<input type="hidden" name="cntnt01returnid" value="15" />
<input type="hidden" id="cntnt01fbrp_done" name="cntnt01fbrp_done" value="1" />
</div>

<input type="text" class="search-input" id="cntnt01searchinput" name="cntnt01searchinput" size="25" maxlength="50" value="Enter Search Here..." onfocus="if(this.value==this.defaultValue) this.value='';" onblur="if(this.value=='') this.value=this.defaultValue;"/>

</form>

This line is not present on the website but was added by the supposed spam bot:

Code: Select all

<input type="hidden" id="cntnt01fbrp_done" name="cntnt01fbrp_done" value="1" />

This in turn triggers this PHP error:

Code: Select all

[31-Dec-2015 16:48:41 Europe/London] PHP Warning:  Parameter fbrp_done is not known by module Search dropped in /var/sites/m/xxxxx.co.uk/public_html/lib/classes/class.CMSModule.php on line 652

Whilst not a major issue, ideally I don't think a spam bot should be able to trigger PHP errors in the error log on demand, but I do not know if these errors can be suppressed by CMSMS.