Back in the innocent days of the last century, I would have used a
mailto link in my web page to allow people to cancel me. In the era of
mass harvesting of addresses by spammers and other criminals, that is
no longer prudent. I'd like to write a small CGI that will mail a
message without exposing my address to web spiders. The question is
whether the code for the CGI can still be retrieved via HTTP. Any
information would be appreciated.
BTW, am I reinventing the wheel?
--
Shmuel (Seymour J.) Metz, SysProg and JOAT <http://patriot.net/~shmuel>
Unsolicited bulk E-mail subject to legal action. I reserve the
right to publicly post or ridicule any abusive E-mail. Reply to
domain Patriot dot net user shmuel+news to contact me. Do not
reply to sp******@library.lspace.org

In article <41***************************@news.patriot.net>, sp******@library.lspace.org.invalid enlightened us with...
> Back in the innocent days of the last century, I would have used a
> mailto link in my web page to allow people to cancel me. In the era of
> mass harvesting of addresses by spammers and other criminals, that is
> no longer prudent. I'd like to write a small CGI that will mail a
> message without exposing my address to web spiders. The question is
> whether the code for the CGI can still be retrieved via HTTP. Any
> information would be appreciated.
> BTW, am I reinventing the wheel?
Mailto is bad for a variety of reasons, the least of which is spam
harvesting.
Spiders will not find the mailer addy because it's in server-side code. The
server passes out html to the requester, be it a browser or a spider. The
address isn't IN the html. It's in the params to the mailer.
Yes, you ARE reinventing the wheel. ;)
If you have CGI, use Formmail.pl or similar. If you're using ASP, use CDONTS.
If JSP, JavaMail.
--
~kaeli~
Every calendar's days are numbered. http://www.ipwebdesign.net/wildAtHeart http://www.ipwebdesign.net/kaelisSpace

In <MP************************@nntp.lucent.com>, on 08/20/2004
at 02:23 PM, kaeli <ti******@NOSPAM.comcast.net> said:
> Spiders will not find the mailer addy because it's in server-side code.
Are you saying that there's no way for them to access anything in
public_html/cgi-bin via HTTP, or just that their spamware doesn't
normally do so?
> If you have CGI, use Formmail.pl
doesn't it have security issues?
--
Shmuel (Seymour J.) Metz, SysProg and JOAT <http://patriot.net/~shmuel>
Unsolicited bulk E-mail subject to legal action. I reserve the
right to publicly post or ridicule any abusive E-mail. Reply to
domain Patriot dot net user shmuel+news to contact me. Do not
reply to sp******@library.lspace.org

On Sun, 22 Aug 2004 00:07:26 -0300, Shmuel (Seymour J.) Metz
<sp******@library.lspace.org.invalid> wrote:
> > If you have CGI, use Formmail.pl
> doesn't it have security issues?
Use the NMS version. It's as secure as you can get AFAIU.

On Sun, 22 Aug 2004 00:07:26 -0300, "Shmuel (Seymour J.) Metz"
<sp******@library.lspace.org.invalid> wrote:
> In <MP************************@nntp.lucent.com>, on 08/20/2004 at 02:23 PM, kaeli <ti******@NOSPAM.comcast.net> said:
> > Spiders will not find the mailer addy because it's in server-side code.
> Are you saying that there's no way for them to access anything in public_html/cgi-bin via HTTP, or just that their spamware doesn't normally do so?
If the server is correctly configured it is not possible for anyone
external to access cgi-bin. If it is incorrectly configured,
address-harvesters still wouldn't find the address unless someone has
linked to the file concerned.
> > If you have CGI, use Formmail.pl
> doesn't it have security issues?
The original Matt Wright version does; there are other versions around
with a better reputation.
Actually spam harvesters are not very sophisticated. There was an
investigation done a while ago (a year?) which concluded that you could
adequately hide your address just by replacing a character or two in the
address (especially the '@') by its numeric equivalent.
--
Stephen Poley http://www.xs4all.nl/~sbpoley/webmatters/

Stephen Poley <sb******************@xs4all.nl> wrote:
> Actually spam harvesters are not very sophisticated. There was an investigation done a while ago (a year?) which concluded that you could adequately hide your address just by replacing a character or two in the address (especially the '@') by its numeric equivalent.
http://www.cdt.org/speech/spam/030319spamreport.shtml
--
Spartanicus
I seem to be missing a message from this thread, so apologies if I've
missed something important.
Stephen Poley wrote:
> "Shmuel (Seymour J.) Metz" wrote:
> > kaeli said:
> > > Spiders will not find the mailer addy because it's in server-side code.
> > Are you saying that there's no way for them to access anything in public_html/cgi-bin via HTTP,
> If the server is correctly configured it is not possible for anyone external to access cgi-bin.
This doesn't make any sense. If the public cannot access /cgi-bin/,
what purpose can it serve?
> If it is incorrectly configured, address-harvesters still wouldn't find the address unless someone has linked to the file concerned.
There will always be at least one reference to a formmail script from
the html page that contains the form. You could use rewrite to hide even
that reference, but ultimately, there must be a cgi script, it must be
accessible via http, and you must grant read and execute privileges to
all. You can, however, hide the cgi script's configuration files outside
of the document root, and only place email addresses, and sensitive
server info, in those configuration files.
BTW, I don't know of any spider that tried to look at cgi scripts for
addresses. But, if configured correctly, this should not be an issue.
> > > If you have CGI, use Formmail.pl
> > doesn't it have security issues?
> The original Matt Wright version does; there are other versions around with a better reputation.
Namely, NMS Formmail. You can also consider NMS TFmail. Lots more options. http://nms-cgi.sourceforge.net/
--
Brian (remove ".invalid" to email me) http://www.tsmchughs.com/

Stephen Poley wrote:
> If the server is correctly configured it is not possible for anyone external to access cgi-bin.
Brian <us*****@julietremblay.com.invalid> posted:
> This doesn't make any sense. If the public cannot access /cgi-bin/, what purpose can it serve?
I think he meant that the public can't access the files themselves in
there, merely interact with them. i.e. They can't read the program code,
just send it data and see the results.
--
If you insist on e-mailing me, use the reply-to address (it's real but
temporary). But please reply to the group, like you're supposed to.
This message was sent without a virus, please delete some files yourself.

In article <1g******************************@40tude.net>, ti*@mail.localhost.invalid enlightened us with...
> Stephen Poley wrote:
> > If the server is correctly configured it is not possible for anyone external to access cgi-bin.
> Brian <us*****@julietremblay.com.invalid> posted:
> > This doesn't make any sense. If the public cannot access /cgi-bin/, what purpose can it serve?
> I think he meant that the public can't access the files themselves in there, merely interact with them. i.e. They can't read the program code, just send it data and see the results.
Exactly.
Just like people can see the RESULTS of my JSP pages, but they can't read the
actual Java code that produced them. They can type in the URL and they'll see
a page, but that page has nothing on it for the client except HTML. Yet the
JSP page on the server has all kinds of beans and tags. Neat, eh? ;)
--
~kaeli~
The definition of a will?... (It's a dead giveaway.) http://www.ipwebdesign.net/wildAtHeart http://www.ipwebdesign.net/kaelisSpace

Tim wrote:
> Stephen Poley wrote:
> > If the server is correctly configured it is not possible for anyone external to access cgi-bin.
> Brian posted:
> > If the public cannot access /cgi-bin/, what purpose can it serve?
> I think he meant that the public can't access the files themselves in there, merely interact with them. i.e. They can't read the program code, just send it data and see the results.
Oh, right. Apologies to M. Poley, I lost my head. Still, I prefer to put
the script in a publicly accessible place with little or no sensitive
information. I keep that outside of the document root.
-- home -- www files -- foo (scripts, no passwords etc.)
        |            |-- bar (scripts, no sensitive info)
        |
        |
        -- config files for scripts, *outside* of document root
--
Brian (remove ".invalid" to email me) http://www.tsmchughs.com/
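
The arrangement described in the post above (script reachable by URL, address kept in a config file outside the document root), as an added Python example that is not code from any poster or from NMS FormMail. The paths, the `recipient = ...` config format and the function names are assumptions; the line-break and address checks are hardening choices of this example.

```python
import re
from email.message import EmailMessage
from pathlib import Path
from urllib.parse import parse_qs

# Assumed layout (hypothetical paths, following the tree in the post):
#   /home/user/www/cgi-bin/contact.py   reachable by URL, holds no address
#   /home/user/config/contact.conf      outside the document root
ADDR_RE = re.compile(r"^[^@\s<>,;:]+@[^@\s<>,;:]+\.[A-Za-z]{2,}$")

def load_recipient(config_path, docroot):
    """Return the 'recipient = addr' value; refuse a config under docroot."""
    cfg, root = Path(config_path).resolve(), Path(docroot).resolve()
    if cfg == root or root in cfg.parents:
        raise ValueError("config file is inside the document root")
    for line in cfg.read_text().splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "recipient":
            return value.strip()
    raise ValueError("no recipient configured")

def build_message(form_body, recipient):
    """Build the mail from a urlencoded POST body (constructed input here)."""
    form = {k: v[0] for k, v in parse_qs(form_body).items()}
    sender = form.get("email", "")
    subject = form.get("subject", "(no subject)")
    # A line break in a header field would let the visitor add headers.
    if any(c in sender + subject for c in "\r\n"):
        raise ValueError("line break in header field")
    if not ADDR_RE.match(sender):
        raise ValueError("bad sender address")
    msg = EmailMessage()
    msg["To"] = recipient        # taken from the config file, never the form
    msg["From"] = recipient      # the site mails its owner as itself
    msg["Reply-To"] = sender
    msg["Subject"] = subject[:100]
    msg.set_content(form.get("message", ""))
    return msg

if __name__ == "__main__":
    # Constructed form submission; a forged "recipient" field is ignored.
    body = "email=visitor%40example.org&subject=Hello&recipient=x%40example.net&message=Hi"
    print(build_message(body, "owner@example.org"))
```

Because the address only ever appears in the config file and in the outgoing mail, neither the HTML form nor the script source contains it.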