Date: Tue, 08 May 2007 14:08:37 -0600
From: Ray <ray@stilltech.net>
To: freebsd-questions@freebsd.org
Subject: Re: How to make Apache (2.2.4) less greedy, or Sendmail less polite? [semi-solved]
Message-ID: <200705081408.38367.ray@stilltech.net>
In-Reply-To: <20070508195759.GC33045@in-addr.com>
References: <2BEB30C2-C9C5-43AB-9DCA-5C9A1B0AC2C0@axis.nl> <405942B8-7714-4F57-914F-24F12DFB206A@axis.nl> <20070508195759.GC33045@in-addr.com>

On Tuesday 08 May 2007 1:57 pm, Gary Palmer wrote:
> On Tue, May 08, 2007 at 02:51:45PM +0200, Olaf Greve wrote:
> > The questions:
> > -Can anyone recommend me proper anti spam authorities to whom I can
> > report the IP addresses that caused the issues on my machine?
>
> 99.9999999999% of the hits will be from zombie PCs which have one or
> more virus infections. Reporting them might get the ISP to get their
> customer to clean up their PC, but I doubt it. You can try.
>
> > -At present, in Apache I have added:
> > <Location ~ "store_comments_script.php">
> > Order deny,allow
> > Deny from all
> > </Location>
> > Can anyone tell me of a good way to only ever allow calls to this
> > script coming from the proper previous script, or should this be
> > handled from PHP itself?
> > Perhaps this question isn't very clear, but what I'm looking for is a
> > way to block any and all direct calls to this script, that originate
> > from anywhere but from the photography site itself.
> >
> > Can anyone help me perhaps with those two thingies?
>
> You cannot assume the referrer header is truthful. The only way to try
> to do this is to have a hidden form field on the photography site with
> a randomly generated number in it. The number should also be stored in the
> session. If the number in the session does not match the number in the
> hidden form field, refuse the post.
>
> If you want to be really nasty, randomise the hidden field name also.

and if you're ultra paranoid, encrypt the number in the session.

Ray

>
> But basically you need to start researching PHP security - none
> of these issues are new and are addressed in a variety of books and
> online documents.
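
The hidden-field check described in the quoted reply above, sketched in PHP as an added example; it is not code from this thread or from anyone in it. The function names are hypothetical, and `$session` and `$post` stand in for `$_SESSION` and `$_POST` so the script runs from the command line.

```php
<?php
declare(strict_types=1);

/** Create a one-time token and a random field name; remember both in the session. */
function issue_form_token(array &$session): array
{
    $field = 'f_' . bin2hex(random_bytes(8));   // randomised hidden field name
    $token = bin2hex(random_bytes(32));         // unpredictable value from the CSPRNG
    $session['form_token'] = ['field' => $field, 'value' => $token];
    return [$field, $token];
}

/** Render the hidden input that the comment form must carry. */
function hidden_field(string $field, string $token): string
{
    return sprintf(
        '<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($field, ENT_QUOTES),
        htmlspecialchars($token, ENT_QUOTES)
    );
}

/** Accept the POST only if it carries the token stored in the session. */
function verify_form_token(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? null;
    unset($session['form_token']);              // single use: a replayed POST fails
    if (!is_array($expected)) {
        return false;                           // the form was never served to this session
    }
    $sent = $post[$expected['field']] ?? null;
    // Reject missing or non-string values; hash_equals compares in constant time.
    return is_string($sent) && hash_equals($expected['value'], $sent);
}

// Constructed demo data, not taken from the thread.
$session = [];
[$field, $token] = issue_form_token($session);
echo hidden_field($field, $token), PHP_EOL;

$fromForm = ['comment' => 'nice photo', $field => $token];
var_dump(verify_form_token($session, $fromForm));             // POST submitted from the form
var_dump(verify_form_token($session, $fromForm));             // the same POST sent again
var_dump(verify_form_token($session, ['comment' => 'spam'])); // direct call with no token
```

In a real script the two functions would be called with `$_SESSION` after `session_start()`, once when the form page is rendered and once at the top of the script that stores the comment.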