From owner-freebsd-www  Wed Oct 30  1: 3: 6 2002
Delivered-To: freebsd-www@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 71F3137B401; Wed, 30 Oct 2002 01:03:05 -0800 (PST)
Received: from mailgw1.infonia.net (mailgw1.infonia.net [211.13.218.224])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 5240E43E3B; Wed, 30 Oct 2002 01:03:04 -0800 (PST)
	(envelope-from tetsurou@be.to)
Received: from post1.infonia.net (post1.infonia.net [211.13.218.225])
	by mailgw1.infonia.net (Postfix) with ESMTP
	id 1646CBBAD; Wed, 30 Oct 2002 18:02:58 +0900 (JST)
Received: from isola-uywb1ssu0.isolanet (p62f8b1.tokynt01.ap.so-net.ne.jp [219.98.248.177])
	(authenticated as btm2479 with CRAM-MD5)
	by post1.infonia.net (8.11.0+3.3W/8.11.0/HUB2.10-20021010155822) with ESMTP id g9U92va18018;
	Wed, 30 Oct 2002 18:02:57 +0900
	(envelope-from tetsurou@be.to)
Date: Wed, 30 Oct 2002 17:58:15 +0900
Message-ID: <87fzuogv6h.wl@isola-uywb1ssu0.isolanet>
From: Tetsurou Okazaki <okazaki@FreeBSD.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: developers@FreeBSD.org, www@FreeBSD.org
Subject: Re: Web send-pr interface disabled
In-Reply-To: <20021029184819.GA94062@xor.obsecurity.org>
References: <20021029184819.GA94062@xor.obsecurity.org>
User-Agent: Wanderlust/2.11.0 (Wonderwall) SEMI/1.14.4 (Hosorogi) FLIM/1.14.5 (Demachiyanagi) APEL/10.4 Emacs/21 (i686-pc-cygwin) MULE/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.4 - "Hosorogi")
Content-Type: text/plain; charset=US-ASCII
Sender: owner-freebsd-www@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-www.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-www>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-www>
X-Loop: FreeBSD.org

At Tue, 29 Oct 2002 10:48:19 -0800,
Kris Kennaway wrote:
> 
> I did a chmod 0 on the send-pr.html file on www.freebsd.org to stop
> the latest attention tantrum from our pet troll (see ports@).
> 

Drop permission bits of the front-end html file which contain the form
is not enough for a workaround, since trolls can post abused requests
via another web servers using a copy of the send-pr.html.

It is required to turn off permissions of the dosendpr.cgi.

Tetsurou



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-www" in the body of the message