Re: How to determine which PHP-script allows spamming?
- From: ascii <ascii@xxxxxxxxxxxx>
- Date: Fri, 14 Apr 2006 03:03:29 +0200
Kurt Seifried wrote:
not allow it to request things). If you want to be really anal simply
disallow any outgoing connection attempts for TCP SYN, this will prevent
i love bofh solutions and have to agree with Seifried
in php you can do this by allow_url_fopen 0
allow_url_fopen "1" PHP_INI_SYSTEM
PHP_INI_ALL in PHP <= 4.3.4. Available since PHP 4.0.4.
this don't stop your clients from using functions like fsockopen and
socket_ so people that need to fetch remote data is still able use these
functions and handle a simple http get request manually
this is like open_basedir that doesn't affect (naturally)
exec/system/shell_exec/proc_/passthru/backtick functions
anyway filter the outgoing traffic != allow_url_fopen 0
also a transparent squid on the gateway of your web servers could be a
good idea to identify abuses
regards, Francesco 'ascii' Ongaro, http://www.ush.it/
- References:
- Re: How to determine which PHP-script allows spamming?
- From: Rainer Duffner
- Re: How to determine which PHP-script allows spamming?
- From: Kurt Seifried
- Re: How to determine which PHP-script allows spamming?
- Prev by Date: Re: How to determine which PHP-script allows spamming?
- Next by Date: Re: How to determine which PHP-script allows spamming?
- Previous by thread: Re: How to determine which PHP-script allows spamming?
- Next by thread: Re: How to determine which PHP-script allows spamming?
- Index(es):
