Re: Web server security
- From: Sylvain Robitaille <syl@xxxxxxxxxxxxxxxxxx>
- Date: Sat, 2 Jun 2007 03:22:51 +0000 (UTC)
Moe Trin wrote:
> PHP is _so_ easy to abuse.
I know I'm being pedantic, but I think there is an important distinction
to be made:
Poorly written PHP code is an easy target for abuse. PHP itself is
just a language interpreter.
To the OP ...
> So my question is, what security measures should I take to ensure that
> only legitimate emails sent through the web forms come through and not
> the ones filled out by bots?
You've gotten some good advice already, that will certainly be worth the
time you take to research and learn more about. In your travels, be
sure to examine the idea of chroot-ing the web server. I agree with
previous assessments that most likely you have a poorly written script
that is being abused, as many others have been in the past (read: same
old problems in new attire).
My recommendation is that you disable any mailing functionality in your
PHP scripts (perhaps have it simply write user input to a local file
which is checked daily by a human) until you have a better grasp of how
to write the script so it can't be abused as easily. I imagine that's
not the sort of advice you were hoping for, but it's the best I can offer.
--
----------------------------------------------------------------------
Sylvain Robitaille syl@xxxxxxxxxxxxxxxxxx
Systems and Network analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------
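
The interim measure recommended above (keep form input in a local file for a human to read, with no mail sent at all), as an added example that is not part of the original post. The field names, length limits and spool path are assumptions; the file is meant to live outside the document root and be writable by the web server user.

```php
<?php
// Added example: a form handler that never calls mail(). Each submission
// is appended to a spool file that a person reviews by hand.

const SPOOL_FILE = '/var/spool/webform/contact.log'; // assumed path, outside the document root
const MAX_LEN = ['name' => 100, 'email' => 254, 'message' => 4000]; // assumed fields and limits

// Reduce one submitted value to a single printable line of bounded length.
function clean_field($value, int $max): string
{
    if (!is_string($value)) {
        return '';                  // array input such as name[]=x is dropped
    }
    // Replace control characters (CR, LF, NUL, ...) with a space so the
    // stored value is a single printable line.
    $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value) ?? '';
    return substr(trim($value), 0, $max);
}

// Build one JSON record per submission and append it under an exclusive lock.
function spool_submission(array $post, string $remoteAddr, string $file = SPOOL_FILE): bool
{
    $record = ['time' => gmdate('c'), 'ip' => $remoteAddr];
    foreach (MAX_LEN as $field => $max) {
        // Only the expected fields are read; anything else in the POST is ignored.
        $record[$field] = clean_field($post[$field] ?? '', $max);
    }
    if ($record['message'] === '') {
        return false;               // empty submissions are not stored
    }
    $line = json_encode($record, JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE);
    if ($line === false) {
        return false;
    }
    return file_put_contents($file, $line . "\n", FILE_APPEND | LOCK_EX) !== false;
}

// Web entry point: store the submission and answer in plain text.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = spool_submission($_POST, $_SERVER['REMOTE_ADDR'] ?? 'unknown');
    http_response_code($ok ? 200 : 400);
    header('Content-Type: text/plain; charset=utf-8');
    echo $ok ? "Thank you, your message has been recorded.\n"
             : "Your message could not be recorded.\n";
}
```

Because nothing submitted ever reaches a mailer, a bot filling in the form can only add lines to a file that the reviewer discards.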