Re: [mod-security-users] Wrong post trigger
From: Justin G. <web...@sw...> - 2005-12-16 08:50:53
What solution can PHP add? You do want to have an email address as an ARG, right?
You do want to have multiple recipients, right?
If this is a private server and it DOESN'T do mailing lists (only submission forms),
you can tweak the smtp to send one mail/minute. Spammers will not waste time on a server
that sends one message per minute out and will probably leave you alone.
For better performance, put the mailboxes on the same server as the web and set the smtp to
send to local immediately and remote email one per minute.
Justin
Gerwin Krist -|- Digitalus Webhosting wrote:
> Hey Justin,
>
> We do install it on a private server (I still do not agree with your opinion
> though), I would rather see PHP adding a solution for it.
>
> Greetings,
>
> On Friday 16 December 2005 09:33, Justin Grindea wrote:
>
>>Gerwin,
>>
>>Unless this is a dedicated server in which you have absolute control on the
>>scripts, I find these techniques more hurting than adding something...
>>
>>We are using shared servers here and anything we tried gave false
>>positives.
>>
>>We are hitting the issue from a different pov - installing spam-assassin on
>>the gateway and quarantining the suspected spam messages for later review.
>>If we find false positives, we instruct the client on how to fix it (mainly
>>modify the email text).
>>Adding spamhaus/spamcop with a big score in spam-assassin does the trick,
>>many spammers are blacklisted or use zombies to send spam which are also
>>getting listed fast in the bls.
>>
>>happy spam fighting,
>>
>> Justin
>>
>>Gerwin Krist -|- Digitalus Webhosting wrote:
>>
>>>Hey there my fellow list readers. I was testing some new rules (mostly
>>>for php email injection rules), for this it was required to have ScanPOST
>>>on.
>>>
>>>I have the following rule:
>>>SecFilterSelective ARGS_VALUES
>>>"(http:/).+(\.txt|\.jpg|\.dat|\.gif|\.jpeg \.ini|\:[0-9]{1,9})"
>>>Which should check for remote locations in server arguments (GET) only,
>>>right? Well, mod_security also triggers it when I put a remote location in
>>>an email form. Am I making a thinking error here? Maybe I looked too long
>>>at this issue :)
>>
>
>
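An added example, not part of the original thread and not mod_security's own code: a small Python model of the behaviour described in the quoted question, where the posted pattern is applied to argument values from the query string and, once POST scanning is on, from a form body as well. It assumes a URL-encoded body; the function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Pattern copied from the rule quoted in the thread, including the literal
# space between \.jpeg and \.ini exactly as it appears there.
RULE = re.compile(r"(http:/).+(\.txt|\.jpg|\.dat|\.gif|\.jpeg \.ini|\:[0-9]{1,9})")


def argument_values(query_string, post_body, scan_post):
    """Model of an argument-values target: yield (source, name, value).

    Assumption: with POST scanning enabled, body parameters are inspected
    the same way as query-string parameters.
    """
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        yield ("GET", name, value)
    if scan_post:
        # Assumes an application/x-www-form-urlencoded request body.
        for name, value in parse_qsl(post_body, keep_blank_values=True):
            yield ("POST", name, value)


def rule_hits(query_string, post_body, scan_post=True):
    """Return (source, parameter name) for every value the pattern matches."""
    return [
        (source, name)
        for source, name, value in argument_values(query_string, post_body, scan_post)
        if RULE.search(value)
    ]


# Constructed sample requests (hypothetical hosts and parameter names).
INCLUDE_QUERY = "page=http://files.example.net/inc.txt"
PORT_QUERY = "u=http://intranet.example:8080/"
CONTACT_FORM = (
    "email=visitor%40example.org"
    "&message=See+http%3A%2F%2Fwww.example.org%2Fphoto.jpg+for+details"
)

if __name__ == "__main__":
    print("GET include :", rule_hits(INCLUDE_QUERY, ""))
    print("GET port    :", rule_hits(PORT_QUERY, ""))
    print("mail form   :", rule_hits("", CONTACT_FORM))
    print("POST unscanned:", rule_hits("", CONTACT_FORM, scan_post=False))
```

The ordinary contact-form message matches for the same reason the query-string value does: the pattern only looks at the value, not at which request method delivered it.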