Re: [users@httpd] How to deny access based on user agent - help

I agree, but so far it helps... Maybe rewriting the feedback form in JavaScript, so that it only starts existing after a click on a link or button, could help... This approach helps with email addresses, hiding them from spiders.
 
Viktoras
 
-------Original Message------- 
 
From: Mike Jackson 
Date: 06/24/06 01:41:32 
To: users@xxxxxxxxxxxxxxxx 
Subject: Re: [users@httpd] How to deny access based on user agent - help 
 
 
But that's just security through obscurity. It only gets you so far. I've seen newer variations on this that don't look for common exploits - they spider the site (or maybe it's a human crawler; my bet's on a spider) and look for contact forms, either with common or uncommon names. Once they find a page with a form on it, they submit like crazy to find vulnerabilities. I've seen the same behavior on three different servers, so I know it's not an isolated attack. Often they'll start by submitting the same email address to all the fields on the form, then move on to injecting mail headers into the form input, sometimes with a single dot on a line (to fool sendmail into thinking it's a new message). There's often a common email address in all the bogus ones, usually an AOL address - I'll assume they're setting up free accounts, then abandoning them after they're done with an attack. The last time I saw one of these, they used the same IP until it was blocked, then moved on to another one. Our ultimate solution was to change the form scripts to strip out newline characters - it makes submitted comments look funny, but there's no chance of header injection attacks.
 
 
--------------------------------------------------------------------- 
The official User-To-User support forum of the Apache HTTP Server Project. 
See <URL:http://httpd.apache.org/userslist.html> for more info. 
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx 
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx 
 

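The header-injection pattern Mike describes, and the newline-stripping fix his site settled on, as an added example that is not code from the thread or from the Apache project. It assumes a typical CGI-style contact script that builds the mail text itself before handing it to sendmail; the recipient address and the attacker's submission are constructed sample values. The unsafe builder pastes form fields straight into the header block, so a sender field containing a CR/LF followed by "Bcc:" becomes a real header to the receiving MTA. The safe builder strips CR, LF and NUL from anything destined for a header and, for the body, either removes newlines outright (the approach from the thread) or keeps paragraph breaks but dot-stuffs lines, so a line consisting only of "." cannot terminate the message when the script pipes it to sendmail without the `-i` flag.

```python
"""Contact-form mail header injection: vulnerable vs. hardened message builder."""
import re
from email import message_from_string

# Constructed sample values (not from the thread): a fixed site recipient and
# one attacker-controlled submission that tries to (a) add a Bcc header via
# CR/LF in the sender field and (b) end the SMTP DATA phase with a lone dot
# so that what follows is treated as new SMTP input.
RECIPIENT = "webmaster@example.invalid"
ATTACK_SENDER = (
    "joe@example.invalid\r\n"
    "Bcc: victim1@example.invalid, victim2@example.invalid"
)
ATTACK_SUBJECT = "Hello"
ATTACK_BODY = "Nice site.\r\n.\r\nMAIL FROM:<spammer@example.invalid>\r\nSpam text"

NEWLINE_RE = re.compile(r"[\r\n]+")
# A line that is exactly one dot (optionally trailing blanks / a stray CR).
LONE_DOT_RE = re.compile(r"(?m)^\.[ \t]*\r?$")


def build_message_unsafe(sender, subject, body):
    """Naive form script: fields pasted verbatim into the header block."""
    return f"From: {sender}\nTo: {RECIPIENT}\nSubject: {subject}\n\n{body}\n"


def sanitize_header(value):
    """Drop CR, LF and NUL so a field can never close its own header line
    and start another one."""
    return NEWLINE_RE.sub("", value.replace("\x00", ""))


def sanitize_body_strip(body):
    """The fix from the thread: remove every newline from the comment.
    Formatting is lost, but no line can end the message or look like a header."""
    return NEWLINE_RE.sub(" ", body).strip()


def sanitize_body_keep_lines(body):
    """Alternative that keeps paragraph breaks: normalise line endings to LF
    and dot-stuff, i.e. a line starting with '.' gets a second '.' in front
    (the transparency rule of RFC 5321 section 4.5.2). A lone '.' line thus
    becomes '..' and no longer terminates DATA."""
    body = body.replace("\r\n", "\n").replace("\r", "\n")
    return re.sub(r"(?m)^\.", "..", body)


def build_message_safe(sender, subject, body, keep_lines=False):
    """Hardened builder: headers are newline-free, body is stripped or dot-stuffed."""
    clean_body = sanitize_body_keep_lines(body) if keep_lines else sanitize_body_strip(body)
    return (
        f"From: {sanitize_header(sender)}\n"
        f"To: {RECIPIENT}\n"
        f"Subject: {sanitize_header(subject)}\n"
        f"\n{clean_body}\n"
    )


def parsed_headers(raw):
    """Headers as a receiving MTA / parser would see them, keys lower-cased."""
    msg = message_from_string(raw)
    return {name.lower(): value for name, value in msg.items()}


def has_lone_dot_line(raw):
    """True if some line of the message is a bare '.', i.e. an SMTP DATA terminator."""
    return LONE_DOT_RE.search(raw) is not None


if __name__ == "__main__":
    unsafe = build_message_unsafe(ATTACK_SENDER, ATTACK_SUBJECT, ATTACK_BODY)
    safe = build_message_safe(ATTACK_SENDER, ATTACK_SUBJECT, ATTACK_BODY)
    print("unsafe headers:", sorted(parsed_headers(unsafe)))
    print("unsafe has lone dot line:", has_lone_dot_line(unsafe))
    print("safe headers:", sorted(parsed_headers(safe)))
    print("safe has lone dot line:", has_lone_dot_line(safe))
```

If the script hands the message to Python's own `smtplib` instead of piping to sendmail, the lone-dot problem is already covered: `smtplib` dot-stuffs the DATA payload itself. The header half of the problem is not covered by any mail library that is simply handed a pre-built string, which is why the CR/LF stripping on every header-bound field is the part that must never be skipped.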