How to make Apache (2.2.4) less greedy, or Sendmail less polite? [semi-solved]

Ray ray at stilltech.net
Tue May 8 20:09:21 UTC 2007


On Tuesday 08 May 2007 1:57 pm, Gary Palmer wrote:
> On Tue, May 08, 2007 at 02:51:45PM +0200, Olaf Greve wrote:
> > The questions:
> > -Can anyone recommend me proper anti spam authorities to whom I can
> > report the IP addresses that caused the issues on my machine?
>
> 99.9999999999% of the hits will be from zombie PCs which have one or
> more virus infections.  Reporting them might get the ISP to get their
> customer to clean up their PC, but I doubt it.  You can try.
>
> > -At present, in Apache I have added:
> > <Location ~ "store_comments_script.php">
> >     Order deny,allow
> >     Deny from all
> > </Location>
> > Can anyone tell me of a good way to only ever allow calls to this
> > script coming from the proper previous script, or should this be
> > handled from PHP itself?
> > Perhaps this question isn't very clear, but what I'm looking for is a
> > way to block any and all direct calls to this script, that originate
> > from anywhere but from the photography site itself.
> >
> > Can anyone help me perhaps with those two thingies?
>
> You cannot assume the referrer header is truthful.  The only way to try
> to do this is to have a hidden form field on the photography site with
> a randomly generated number in it.  The number should also be stored in the
> session.  If the number in the session does not match the number in the
> hidden form field, refuse the post.
>
> If you want to be really nasty, randomise the hidden field name also.
and if you're ultra paranoid, encrypt the number in the session.
Ray

>
> But basically you need to start researching PHP security - none
> of these issues are new and are addressed in a variety of books and
> online documents.
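
The hidden-field check suggested in the reply above, including the randomised field name, could look like the following. This is an added example, not code from the thread: the function names and the `comment_form` session key are assumptions, and plain arrays stand in for `$_SESSION` and `$_POST` so the script runs from the command line.

```php
<?php
// Added example: single-use form token with a randomised hidden field name.
// Function names and the 'comment_form' key are hypothetical.

// Called by the page that renders the comment form.
function issue_form_token(array &$session): array
{
    $field = 'f_' . bin2hex(random_bytes(8));   // randomised field name
    $token = bin2hex(random_bytes(32));         // unpredictable value
    $session['comment_form'] = ['field' => $field, 'token' => $token, 'issued' => time()];
    return [$field, $token];
}

// Called first thing by the script that stores the comment.
function verify_form_token(array &$session, array $post, int $maxAge = 1800): bool
{
    $expected = $session['comment_form'] ?? null;
    unset($session['comment_form']);            // single use: a replayed POST fails
    if (!is_array($expected)) {
        return false;                           // form was never served to this session
    }
    if (time() - $expected['issued'] > $maxAge) {
        return false;                           // stale form
    }
    $supplied = $post[$expected['field']] ?? null;
    // hash_equals compares in constant time
    return is_string($supplied) && hash_equals($expected['token'], $supplied);
}

function render_hidden_field(string $field, string $token): string
{
    return sprintf('<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($field, ENT_QUOTES), htmlspecialchars($token, ENT_QUOTES));
}

// Constructed demo. In the real pages, call session_start() and pass
// $_SESSION and $_POST instead of these arrays.
$session = [];
var_dump(verify_form_token($session, ['comment' => 'spam']));  // direct call, no form served

[$field, $token] = issue_form_token($session);
echo render_hidden_field($field, $token), PHP_EOL;

$post = [$field => $token, 'comment' => 'Nice photo'];         // browser submits the form
var_dump(verify_form_token($session, $post));                  // first submission
var_dump(verify_form_token($session, $post));                  // same POST replayed
```

Only the first submission of a served form is accepted; a client has to fetch the form page with a session cookie before every post, which direct calls to the storing script do not do.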

