How to make Apache (2.2.4) less greedy, or Sendmail less polite? [semi-solved]

Gary Palmer gpalmer at freebsd.org
Tue May 8 19:58:02 UTC 2007


On Tue, May 08, 2007 at 02:51:45PM +0200, Olaf Greve wrote:
> 
> The questions:
> -Can anyone recommend me proper anti-spam authorities to whom I can
> report the IP addresses that caused the issues on my machine?

99.9999999999% of the hits will be from zombie PCs which have one or
more virus infections.  Reporting them might get the ISP to get their
customer to clean up their PC, but I doubt it.  You can try.

> -At present, in Apache I have added:
> <Location ~ "store_comments_script.php">
>     Order deny,allow
>     Deny from all
> </Location>
> Can anyone tell me of a good way to only ever allow calls to this  
> script coming from the proper previous script, or should this be  
> handled from PHP itself?
> Perhaps this question isn't very clear, but what I'm looking for is a  
> way to block any and all direct calls to this script, that originate  
> from anywhere but from the photography site itself.
> 
> Can anyone help me perhaps with those two thingies?

You cannot assume the referrer header is truthful.  The only way to try
to do this is to have a hidden form field on the photography site with
a randomly generated number in it.  The number should also be stored in the
session.  If the number in the session does not match the number in the
hidden form field, refuse the post.

If you want to be really nasty, randomise the hidden field name also.

But basically you need to start researching PHP security - none 
of these issues are new and are addressed in a variety of books and
online documents.
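For reference, here is the hidden-field-plus-session check Gary describes, with the optional randomised field name, written out as an added example. This is not code from the thread or from the photography site; it assumes PHP 7 or later (random_bytes, hash_equals), and the $session array below stands in for $_SESSION so it can be run from the command line without session_start(). The constant name, function names and the hidden-field naming are hypothetical.

```php
<?php
// Added example: token check for a comment-posting script such as
// store_comments_script.php. Not from the original thread.
// Assumes PHP >= 7. $session is a plain array standing in for $_SESSION;
// in a real page you would call session_start() and pass $_SESSION.

const FORM_TOKEN_KEY = 'comment_form_token';   // hypothetical session key

// Called by the page that renders the comment form. Records a fresh random
// token and a random hidden-field name in the session and returns both so
// the form can be rendered.
function issue_form_token(array &$session): array
{
    $token = [
        'name'  => 'f_' . bin2hex(random_bytes(8)),  // randomised field name
        'value' => bin2hex(random_bytes(32)),        // 256-bit random value
    ];
    $session[FORM_TOKEN_KEY] = $token;
    return $token;
}

// Produces the <input> markup for the form; values are escaped for HTML.
function render_hidden_field(array $token): string
{
    return sprintf(
        '<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($token['name'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($token['value'], ENT_QUOTES, 'UTF-8')
    );
}

// Called by the comment-storing script before it does anything else.
// Returns true only if the POST carries the field name and value recorded
// in this visitor's session. The stored token is cleared on every attempt,
// so a replayed POST is refused as well.
function verify_form_token(array &$session, array $post): bool
{
    if (!isset($session[FORM_TOKEN_KEY])) {
        return false;                       // form was never served to this session
    }
    $expected = $session[FORM_TOKEN_KEY];
    unset($session[FORM_TOKEN_KEY]);        // single use

    $supplied = $post[$expected['name']] ?? null;
    if (!is_string($supplied)) {
        return false;                       // direct call: field name not even present
    }
    return hash_equals($expected['value'], $supplied);  // constant-time compare
}

// --- demonstration with constructed requests (not real traffic) -------------
function report(string $case, bool $accepted): void
{
    printf("%-45s %s\n", $case, $accepted ? 'accepted' : 'refused');
}

$session = [];                              // stands in for $_SESSION

// Legitimate flow: form page issues a token, the browser posts it back.
$token = issue_form_token($session);
echo render_hidden_field($token), "\n";
$goodPost = ['comment' => 'nice photo', $token['name'] => $token['value']];
report('browser submits the served form', verify_form_token($session, $goodPost));

// Replay of the same POST: the token was consumed above.
report('same POST replayed', verify_form_token($session, $goodPost));

// Direct call to the script with no form served (the zombie-PC case).
$botSession = [];
report('direct POST, no form served', verify_form_token($botSession, ['comment' => 'spam']));

// Field name known but value guessed wrong.
$token2 = issue_form_token($botSession);
report('right field name, wrong value', verify_form_token($botSession, [$token2['name'] => 'guess']));
```

Two caveats when wiring this into a real site: the check must run in store_comments_script.php before any database write, and it must compare against $_SESSION, which means the form page and the script have to share a session cookie. It stops the direct POSTs the question is about; a bot that first fetches the form page with cookies enabled and then posts the token it was given will still get through, which is why the reply points at further PHP security reading.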

