On Tuesday 08 May 2007 1:57 pm, Gary Palmer wrote:
> On Tue, May 08, 2007 at 02:51:45PM +0200, Olaf Greve wrote:
> > The questions:
> > -Can anyone recommend me proper anti spam authorities to whom I can
> > report the IP addresses that caused the issues on my machine?
>
> 99.9999999999% of the hits will be from zombie PCs which have one or
> more virus infections. Reporting them might get the ISP to get their
> customer to clean up their PC, but I doubt it. You can try.
>
> > -At present, in Apache I have added:
> > <Location ~ "store_comments_script.php">
> > Order deny,allow
> > Deny from all
> > </Location>
> > Can anyone tell me of a good way to only ever allow calls to this
> > script coming from the proper previous script, or should this be
> > handled from PHP itself?
> > Perhaps this question isn't very clear, but what I'm looking for is a
> > way to block any and all direct calls to this script, that originate
> > from anywhere but from the photography site itself.
> >
> > Can anyone help me perhaps with those two thingies?
>
> You cannot assume the referrer header is truthful. The only way to try
> to do this is to have a hidden form field on the photography site with
> a randomly generated number in it. The number should also be stored in the
> session. If the number in the session does not match the number in the
> hidden form field, refuse the post.
>
> If you want to be really nasty, randomise the hidden field name also.

and if you're ultra paranoid, encrypt the number in the session.

Ray

>
> But basically you need to start researching PHP security - none
> of these issues are new and are addressed in a variety of books and
> online documents.
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
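
The hidden-field check Gary Palmer describes, including the randomised field name, as an added PHP example that is not part of the original thread. The function names, the `f_` prefix and the plain arrays standing in for `$_SESSION` and `$_POST` are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. All names here are hypothetical.

// Called when the comment form is rendered: remember field name and value in the session.
function issue_form_token(array &$session): array
{
    $field = 'f_' . bin2hex(random_bytes(8));   // randomised hidden field name
    $value = bin2hex(random_bytes(32));         // unpredictable token value
    $session['form_token'] = ['field' => $field, 'value' => $value];
    return [$field, $value];
}

// Hidden input to embed in the form that posts to the comment script.
function hidden_field(string $field, string $value): string
{
    return sprintf(
        '<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($field, ENT_QUOTES),
        htmlspecialchars($value, ENT_QUOTES)
    );
}

// Called by the comment script before storing anything.
function check_form_token(array &$session, array $post): bool
{
    $expected = $session['form_token'] ?? null;
    unset($session['form_token']);              // single use: a replayed POST fails
    if (!is_array($expected)) {
        return false;                           // no form was rendered for this session
    }
    $supplied = $post[$expected['field']] ?? '';
    // hash_equals compares in constant time and requires two strings
    return is_string($supplied) && hash_equals($expected['value'], $supplied);
}

// Constructed demo: arrays stand in for $_SESSION and $_POST so this runs from the CLI.
$session = [];
[$field, $value] = issue_form_token($session);
echo hidden_field($field, $value), PHP_EOL;

$fromForm = ['comment' => 'Nice photo', $field => $value];
echo 'form post:   ', var_export(check_form_token($session, $fromForm), true), PHP_EOL;
echo 'replayed:    ', var_export(check_form_token($session, $fromForm), true), PHP_EOL;
echo 'direct call: ', var_export(check_form_token($session, ['comment' => 'spam']), true), PHP_EOL;
```

In a real page, call `session_start()` first and pass `$_SESSION` and `$_POST` in place of the demo arrays.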
