From owner-freebsd-questions@FreeBSD.ORG Tue May 8 19:58:01 2007
Return-Path:
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
    by hub.freebsd.org (Postfix) with ESMTP id E8B6216A404;
    Tue, 8 May 2007 19:58:01 +0000 (UTC) (envelope-from gpalmer@freebsd.org)
Received: from noop.in-addr.com (noop.in-addr.com [208.58.23.51])
    by mx1.freebsd.org (Postfix) with ESMTP id B801013C448;
    Tue, 8 May 2007 19:58:01 +0000 (UTC) (envelope-from gpalmer@freebsd.org)
Received: from gjp by noop.in-addr.com with local (Exim 4.54 (FreeBSD))
    id 1HlVot-0005No-57; Tue, 08 May 2007 15:57:59 -0400
Date: Tue, 8 May 2007 15:57:59 -0400
From: Gary Palmer
To: Olaf Greve
Message-ID: <20070508195759.GC33045@in-addr.com>
Mail-Followup-To: Olaf Greve, Koos van den Hout,
    freebsd-questions@freebsd.org, freebsd-amd64@freebsd.org
References: <2BEB30C2-C9C5-43AB-9DCA-5C9A1B0AC2C0@axis.nl>
    <20070504111105.GA13599@kzdoos.xs4all.nl>
    <405942B8-7714-4F57-914F-24F12DFB206A@axis.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <405942B8-7714-4F57-914F-24F12DFB206A@axis.nl>
Cc: freebsd-questions@freebsd.org, freebsd-amd64@freebsd.org,
    Koos van den Hout
Subject: Re: How to make Apache (2.2.4) less greedy, or Sendmail less polite? [semi-solved]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 08 May 2007 19:58:02 -0000

On Tue, May 08, 2007 at 02:51:45PM +0200, Olaf Greve wrote:
>
> The questions:
> -Can anyone recommend me proper anti spam authorities to whom I can
> report the IP addresses that caused the issues on my machine?

99.9999999999% of the hits will be from zombie PCs which have one or
more virus infections. Reporting them might get the ISP to get their
customer to clean up their PC, but I doubt it. You can try.

> -At present, in Apache I have added:
>
> Order deny,allow
> Deny from all
>
> Can anyone tell me of a good way to only ever allow calls to this
> script coming from the proper previous script, or should this be
> handled from PHP itself?
> Perhaps this question isn't very clear, but what I'm looking for is a
> way to block any and all direct calls to this script, that originate
> from anywhere but from the photography site itself.
>
> Can anyone help me perhaps with those two thingies?

You cannot assume the referrer header is truthful. The only way to try
to do this is to have a hidden form field on the photography site with
a randomly generated number in it. The number should also be stored in
the session. If the number in the session does not match the number in
the hidden form field, refuse the post. If you want to be really nasty,
randomise the hidden field name also.

But basically you need to start researching PHP security - none of these
issues are new, and they are addressed in a variety of books and online
documents.
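
The hidden-field check described in the reply above, as an added PHP example that is not part of the original message: the form page stores a random token and a randomised field name in the session, and the receiving script refuses any post that does not echo them back. The function names and the `form_token` session key are assumptions made for illustration, and a plain array stands in for `$_SESSION` so the demo runs from the command line.

```php
<?php
// Added example: one-time form token with a randomised hidden field name.
// issue_form_token(), check_form_token() and 'form_token' are hypothetical names.

// Called when rendering the form: stores a fresh field name and token in the
// session and returns the hidden <input> to embed in the form.
function issue_form_token(array &$session): string
{
    $field = 'f_' . bin2hex(random_bytes(8));   // randomised hidden field name
    $token = bin2hex(random_bytes(32));         // unpredictable value from a CSPRNG
    $session['form_token'] = ['field' => $field, 'value' => $token];
    return sprintf('<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($field, ENT_QUOTES), htmlspecialchars($token, ENT_QUOTES));
}

// Called by the script that receives the POST: true only if the submitted
// hidden field matches what the session holds. The token is consumed either way.
function check_form_token(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? null;
    unset($session['form_token']);              // single use: a replayed POST fails
    if (!is_array($expected)) {
        return false;                           // form was never served to this session
    }
    $submitted = $post[$expected['field']] ?? null;
    // hash_equals() compares in constant time; non-string input is refused outright.
    return is_string($submitted) && hash_equals($expected['value'], $submitted);
}

// Constructed demo data. In a web page, call session_start() first and pass
// $_SESSION and $_POST instead of these arrays.
$session = [];
$html    = issue_form_token($session);
$stored  = $session['form_token'];

// 1. Direct call to the handler without the hidden field.
$direct = check_form_token($session, ['message' => 'constructed body']);
// 2. Post that echoes back the field and value served with the form.
$session['form_token'] = $stored;
$good   = check_form_token($session, [$stored['field'] => $stored['value']]);
// 3. Same post sent again after the token was consumed.
$replay = check_form_token($session, [$stored['field'] => $stored['value']]);

var_dump($direct, $good, $replay);
```

A client that first fetches the form and then posts within the same session still passes, so this check only stops direct calls to the handler.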