From owner-freebsd-questions Wed Apr 10 3:57:31 2002 Delivered-To: freebsd-questions@freebsd.org Received: from dire.bris.ac.uk (dire.bris.ac.uk [137.222.10.60]) by hub.freebsd.org (Postfix) with ESMTP id 1CFDC37B416 for ; Wed, 10 Apr 2002 03:57:29 -0700 (PDT) Received: from mail.ilrt.bris.ac.uk by dire.bris.ac.uk with SMTP-PRIV with ESMTP; Wed, 10 Apr 2002 11:57:17 +0100 Received: from cmjg (helo=localhost) by mail.ilrt.bris.ac.uk with local-esmtp (Exim 3.16 #1) id 16vFkG-0005J2-00; Wed, 10 Apr 2002 11:54:33 +0100 Date: Wed, 10 Apr 2002 11:54:32 +0100 (BST) From: Jan Grant X-X-Sender: cmjg@mail.ilrt.bris.ac.uk To: Lord Raiden Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Good spoof page for Apache?? In-Reply-To: <4.2.0.58.20020409233418.0095a220@pop.netzero.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Tue, 9 Apr 2002, Lord Raiden wrote: > ... yet "mydomain.com/login.cgi" would still get > them to where they needed to go. I just need a way to spoof an error, not > generate a real one to help keep out nosy bypassers. Any ideas? You also ought to realise that automated vulnerability scanners will target "well-known" addresses like /login.cgi, /cgi-bin/login.cgi and so on. What you've got is only security through obscurity (are people viewing your site through a proxy? Then details will show up in the logs. And in browser history, etc.) and may not be worth the effort. -- jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/ Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk "Sufficiently large"="infinite" for sufficiently large values of "sufficiently" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message