[FX.php List] Security Concerns with FileMaker Website

Gjermund Gusland Thorsen ggt667 at gmail.com
Fri Jan 26 03:11:55 MST 2007


Another way is to remove the validation keys if logs are filled too
intensively, let's say a bot has more than 100 requests within 1 hour
on a publicly accessible server that number is probably fairly high;
or you might change the number of requests for banning for your own
needs, when you find someone to ban, just do a -fmnew with the browser
data and IP

ggt667

On 1/26/07, Edward L. Ford <elford at cs.bu.edu> wrote:
>
> Per Chris' suggestion, here is a summary of my solution:
>
>
> I've come up with a 4-layer solution to prevent the spam bots from getting
> emails and phone numbers from my site:
> 1. User Agent detection: calls PHP's exit() if I've deemed the UA to be
> "bad" based on my own server logs
> 2. Removing mailto links
> 3. Providing email address as an image (using PHP's GD)
> 4. Linking image to a contact form
>
> I went with user friendliness over all else -- no one wants to deal with
> captchas.  Putting the email address in an image is bad enough without a
> mailto: link.  But, this is the only user visible inconvenience --
> everything else is hidden away with PHP detection and never seen by valid
> website users.
>
> I think this was a good discussion on this list, so I thank everyone who
> contributed.  Since this has involved many messages already, and is
> technically off-topic at this point, I don't wish to spam the list (the
> irony!) with the exacting details of my choices.  If you are indeed
> interested in my choices, including some code samples of what I've done, I'm
> going to refer everyone to a lengthy blog entry I just posted on the nitty
> gritty:
> http://edwardford.net/blog/?p=17   And as always, feedback
> is welcomed.
>
> Cheers,
> --Ed
> ------------------------------------
> http://www.edwardford.net
>
> On Jan 24, 2007, at 1:23 PM, Chris Hansen wrote:
>
>  I'd be interested in seeing your final decision posted to the list (i.e.
> this is what I decided I needed, and here's how I did it.)  This is a common
> enough situation that I think lots of folks would benefit.
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>
>
>
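
The request-count ban described at the top of this message, sketched as an added example that is not code from either poster or from FX.php: it counts requests per IP and User-Agent in a sliding one-hour window and flags any client that exceeds 100. The function name, the record layout and the sample traffic are assumptions made for illustration; writing the flagged client to the database (the -fmnew step) is left to the caller.

```php
<?php
// Added example: sliding-window request counting keyed on IP + User-Agent.
// Threshold and window are the figures given in the message above.
const BAN_THRESHOLD  = 100;   // requests
const WINDOW_SECONDS = 3600;  // 1 hour

/**
 * Hypothetical helper.
 * @param array $requests list of ['ts' => int, 'ip' => string, 'ua' => string], sorted by ts
 * @return array "ip|ua" => timestamp at which the threshold was exceeded
 */
function findClientsToBan(array $requests, int $threshold = BAN_THRESHOLD, int $window = WINDOW_SECONDS): array
{
    $recent = [];  // "ip|ua" => timestamps still inside the window
    $banned = [];
    foreach ($requests as $r) {
        $key = $r['ip'] . '|' . $r['ua'];
        if (isset($banned[$key])) {
            continue;  // already flagged, nothing more to count
        }
        $recent[$key][] = $r['ts'];
        // Drop timestamps that have aged out of the window; the entry just
        // appended is always inside it, so index 0 always exists.
        while ($recent[$key][0] <= $r['ts'] - $window) {
            array_shift($recent[$key]);
        }
        if (count($recent[$key]) > $threshold) {
            $banned[$key] = $r['ts'];
            unset($recent[$key]);
        }
    }
    return $banned;
}

// Constructed sample traffic (documentation IP ranges, not real log data).
$requests = [];
$start = 1169805600;
for ($i = 0; $i < 150; $i++) {
    // Fast client: one request every 10 seconds.
    $requests[] = ['ts' => $start + $i * 10, 'ip' => '192.0.2.10', 'ua' => 'ExampleHarvester/1.0'];
    // Slow client: one request per minute, so never more than 60 per hour.
    $requests[] = ['ts' => $start + $i * 60, 'ip' => '198.51.100.7', 'ua' => 'Mozilla/5.0'];
}
usort($requests, fn($a, $b) => $a['ts'] <=> $b['ts']);

foreach (findClientsToBan($requests) as $client => $when) {
    echo "ban $client (threshold exceeded at " . gmdate('c', $when) . ")\n";
}
```

Keying on IP plus User-Agent means clients behind a shared proxy are only grouped together when they also send the same browser string, which is why the threshold may need tuning per site, as the message notes.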

