in reply to Re (2): Spammers and my form
in thread Spammers and my form

Limiting access by IP address will add enough security for his purposes. Sure, a determined hacker could spoof IP addresses and access the script. But a spammer's bot isn't that sophisticated. Blocking by IP address will stop them and is easy to implement. It should be implemented with web server access control instead of in the script.

Similarly, basic authentication would be helpful and easy to get working. Won't stop sniffing or brute-force search, but it will provide a little more security for leaving it open to the world.

He is using a Matt Wright script is probably a good idea too. Lack of access controls means anyone can post messages. Bad code can mean that anyone can do violence to his machine.

Re (3): Spammers and my form
by VSarkiss (Monsignor) on Apr 28, 2003 at 20:30 UTC

    He is using a Matt Wright script is probably a good idea too.
    I can't parse that sentence, but are you saying it's a good thing that he's using an MSA script? I disagree strongly. Matt Wright has publicly stated that those scripts have problems and are insecure, that he wrote them when he didn't know much about programming or internet security.

    But a spammer's bot isn't that sophisticated.
    I wouldn't know, I've never written a spambot. ;-)

    Basically, my point is that there are some good techniques described in this thread, and limiting by IP is a half measure at best. Use one of the better ones.

      That sentence is missing a few important words. It is a bad thing that he is using a Matt Wright script. The good idea is finding something else to replace it.

      Limiting by IP address is a half measure. I was just pointing out that sometimes a half measure is better than nothing. Many times, a couple of half measures is all that is required. They shouldn't be mistaken for real security. It all depends on how easy it is to implement and what level of security is required.