__/ [BG] on Sunday 12 February 2006 00:51 \__
> "SmakDaddy" <smakdaddy@xxxxxxxxxxxxxxxxxxx> wrote in message
>> "BG" <johndoe@xxxxxxxxxxxxxxx> wrote in message
>>> Several years ago I bought a nifty little program called CGI Star Pro and
>>> automatically created cgi script for my forms. I am not nor have I ever
>>> been a hacker, but I have reason to believe that these old cgi scripts
>>> an open door for spammers. I just basically went through and jerked all
>>> scripts and replaced with a standard contact page and an email address.
>>> Anyway, now I have a client that really, really wants a form. What is a
>>> really good, secure solution that can be used for this? TIA
> This looks pretty good. Thanks for the tip!
Choose an arcane or a rarely-used script that will not leave doors open to
widely-known exploits. If the form has identifiers or attributions in it
(e.g. a footer with link(s) to the homepage of the package, version numbers
in the header), then remove them. There are automated tools to search for
such pages and attempt to smash the common back doors.

Failing that, tailor your own form or create a 'mutant' from a common
successful and reliable script. Taking Advanced Guestbook, for example, I
once installed it and got spammed every day. I then used a more secure
derivative to replace it. The outcome: I only got spammed twice in about 6
months. Saved me /a lot/ of trouble.

Hope it helps,
Roy S. Schestowitz | Useless fact: Brazil spans 47.8% of S. America
http://Schestowitz.com | SuSE Linux | PGP-Key: 0x74572E8E
7:10am up 26 days 2:26, 32 users, load average: 1.08, 0.91, 0.69
http://iuron.com - next generation of search paradigms
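
An added example, not part of the original post: a small audit a site owner can run over their own form page to list the package identifiers the reply suggests removing (generator meta tags, attribution footers, version strings). The package name "ExampleBook", the sample page and the heuristics are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page; "ExampleBook" is a made-up package name.
SAMPLE_PAGE = """<html><head>
<meta name="generator" content="ExampleBook 2.3.1">
<title>Contact us</title></head><body>
<!-- ExampleBook v2.3.1 template -->
<form action="/cgi-bin/contact.cgi" method="post">
<input name="email"><textarea name="msg"></textarea></form>
<p class="footer">Powered by <a href="http://examplebook.invalid/">ExampleBook</a> 2.3.1</p>
</body></html>"""

# Heuristics only: dotted numbers also match prices or IP addresses,
# so every finding needs a human look before anything is removed.
VERSION = re.compile(r"\bv?\d+\.\d+(?:\.\d+)*\b")
POWERED = re.compile(r"\b(?:powered|generated|created)\s+(?:by|with)\b", re.I)

class FingerprintAudit(HTMLParser):
    """Collects (line, kind, text) for markup that identifies the script."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def _add(self, kind, text):
        self.findings.append((self.getpos()[0], kind, text.strip()))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self._add("meta-generator", a.get("content") or "")

    def handle_comment(self, data):
        # Template comments often carry the package name and version.
        if VERSION.search(data):
            self._add("comment-version", data)

    def handle_data(self, data):
        if POWERED.search(data):
            self._add("attribution", data)
        elif VERSION.search(data):
            self._add("visible-version", data)

def audit(html):
    parser = FingerprintAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for line, kind, text in audit(SAMPLE_PAGE):
        print(f"line {line}: {kind}: {text}")
```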