Hi all,
I'm one of the many people who cannot add password protection to my cgi-bin directory for links and in the past have had various problems with people validating records in an adult/unsuitable way.
As a fix to the problem I found that if I rename the admin script when not in use I don't have any unauthorised access, but until today I couldn't figure out how people were finding the admin script in the first place.
I found out how because on validating a record I got the following error from the server that was supposed to be hosting the submitted site:
HTTP Referrer: http://www.qango.com/cgi-local/amdinscriptname?db=links&validate_form=1
Now this obviously gets recorded in some people's stats/logs and in the past people have been curious and tested the URL, found my admin script, and had some 'fun' with it (not so fun for me to have to explain to people why their link reads like an adult porn link
).
Now although I rename the admin script now so as to invalidate requests to the 'proper' name I was wondering if there is a way to stop links leaving this info behind when I'm validating records?
All the best
Shaun
------------------
Shaun Hague
Webmaster - Qango.com
www.qango.com/central/
[This message has been edited by qango (edited February 06, 2000).]
I'm one of the many people who cannot add password protection to my cgi-bin directory for links and in the past have had various problems with people validating records in an adult/unsuitable way.
As a fix to the problem I found that if I rename the admin script when not in use I don't have any unauthorised access, but until today I couldn't figure out how people were finding the admin script in the first place.
I found out how because on validating a record I got the following error from the server that was supposed to be hosting the submitted site:
HTTP Referrer: http://www.qango.com/cgi-local/amdinscriptname?db=links&validate_form=1
Now this obviously gets recorded in some people's stats/logs and in the past people have been curious and tested the URL, found my admin script, and had some 'fun' with it (not so fun for me to have to explain to people why their link reads like an adult porn link
). Now although I rename the admin script now so as to invalidate requests to the 'proper' name I was wondering if there is a way to stop links leaving this info behind when I'm validating records?
All the best
Shaun
------------------
Shaun Hague
Webmaster - Qango.com
www.qango.com/central/
[This message has been edited by qango (edited February 06, 2000).]
I found out how I managed to get 'hacked' !