Re: Web server security

Moe Trin wrote:

> PHP is _so_ easy to abuse.

I know I'm being pedantic, but I think there is an important distinction
to be made:

Poorly written PHP code is an easy target for abuse. PHP itself is
just a language interpreter.

To the OP ...

> So my question is, what security measures should I take to ensure that
> only legitimate emails sent through the web forms come through and not
> the ones filled out by bots?

You've gotten some good advice already, that will certainly be worth the
time you take to research and learn more about. In your travels, be
sure to examine the idea of chroot-ing the web server. I agree with
previous assessments that most likely you have a poorly written script
that is being abused, as many others have been in the past (read: same
old problems in new attire).

My recommendation is that you disable any mailing functionality in your
PHP scripts (perhaps have it simply write user input to a local file
which is checked daily by a human) until you have a better grasp of how
to write the script so it can't be abused as easily. I imagine that's
not the sort of advice you were hoping for, but it's the best I can offer.

Sylvain Robitaille syl@xxxxxxxxxxxxxxxxxx

Systems and Network analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
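
The interim measure recommended in the message above (write form input to a local file that a human checks, with no mailing code in the script), sketched as an added example that is not part of the original post. The field names `name`, `email` and `message` and the spool path are assumptions; the file should live outside the web root and be writable by the web server user.

```php
<?php
// Added example, not from the original post. Field names and the spool
// path are assumptions; keep the spool file outside the web root.
const SPOOL_FILE = '/var/spool/webform/messages.log'; // hypothetical path
const MAX_FIELD_LEN = 2000;

// Reduce one submitted value to a single bounded line, so each submission
// stays exactly one record in the file the reviewer reads.
function clean_field($value): string
{
    if (!is_string($value)) {          // arrays arrive from name[]=... input
        return '';
    }
    $value = substr($value, 0, MAX_FIELD_LEN);
    // Replace CR, LF, TAB and other control bytes with a space.
    $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value);
    return trim((string) $value);
}

// Build one tab-separated record; tabs were already removed as control bytes.
function build_record(array $post, string $remoteAddr, int $now): string
{
    $fields = [
        date('c', $now),
        $remoteAddr,
        clean_field($post['name'] ?? ''),
        clean_field($post['email'] ?? ''),
        clean_field($post['message'] ?? ''),
    ];
    return implode("\t", $fields) . "\n";
}

// Append under an exclusive lock; there is no mail() call in this script.
function spool_submission(string $record, string $file = SPOOL_FILE): bool
{
    return file_put_contents($file, $record, FILE_APPEND | LOCK_EX) !== false;
}

// Handle a form POST; skipped when the file is run from the command line.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $record = build_record($_POST, $_SERVER['REMOTE_ADDR'] ?? '-', time());
    http_response_code(spool_submission($record) ? 200 : 500);
    echo 'Thank you, your message has been recorded.';
}
```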
