Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re: Are Perl or PHP scripts easier to secure?

by erasei (Pilgrim)
on Oct 15, 2003 at 17:01 UTC ( [id://299463]=note: print w/replies, xml ) Need Help??


in reply to Are Perl or PHP scripts easier to secure?

While writing a script to do the same thing from scratch might be good practice, I don't think it is totally necessary in this case. In this case of the form mailer script it accepts the 'To:' from the post. In most form mailer scripts the email is always going to be sent to the same person. It would be easier to just change the script to hard code the To: field.

Also, you might want to rename the script so that crawlers don't find it as easily. Don't rely on this to keep you safe by any means, but at least you won't get DOSed by spammers trying (in vain) to send email through your new secured version of that script.

  • Comment on Re: Are Perl or PHP scripts easier to secure?

Replies are listed 'Best First'.
Re: Re: Are Perl or PHP scripts easier to secure?
by belize (Deacon) on Oct 15, 2003 at 17:40 UTC
    Are you saying that hard coding the To: field would solve most of the problem with SPAMMERS using the script to access the SMTP server on the site?
[reply]
      Yes. The way the spammers are hijacking your script is by sending their own To: field (the person being spammed) and their own Body: field (the spam itself).

      If you hard code the To: field, the spammer won't be able to send email to anyone other than the person hard coded already. That defeats the purpose for them, and they won't use it.

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://299463]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (4)
As of 2024-04-16 12:27 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found