i've just had someone using some sort of script or something to send tons of random junk mail to me via the linkdead2.cgi script
ie:
#!/usr/local/bin/perl
# -------------
# Links
# -------------
# Links Manager
#
# File: linkdead.cgi
# Notifies the webmaster of a deadlink
# Author: Glenn Utteridge
# Based on and designed to be used with
#Links 2 by: Alex Krohn
# Email: alex@gossamer-threads.com
# Web: http://www.gossamer-threads.com/
# Version: 2.0
#
# (c) 1998 Gossamer Threads Inc.
#
# This script is not freeware! Please read the README for full details
# on registration and terms of use.
# =====================================================================
#
#
# Setup:
# Make sure the require statement below points to the config file.
eval {
($0 =~ m,(.*)/[^/]+,) && unshift (@INC, "$1"); # Get the script location: UNIX /
($0 =~ m,(.*)\\[^\\]+,) && unshift (@INC, "$1"); # Get the script location: Windows \
require "admin/links.cfg"; # Change this to full path to links.cfg if you have problems.
require "$db_lib_path/db_utils.pl";
require "$db_lib_path/links.def";
$build_use_templates ?
require "$db_lib_path/site_html_templates.pl" :
require "$db_lib_path/site_html.pl";
};
if ($@) {
print "Content-type: text/plain\n\n";
print "Error including libraries: $@\n[/url]";
print "Make sure they exist, permissions are set properly, and paths are set correctly.";
exit;
}
# ========================================================
eval { &main; }; # Trap any fatal errors so the program hopefully
if ($@) { &cgierr("fatal error: $@"); } # never produces that nasty 500 server error page.
exit; # There are only two exit calls in the script, here and in in &cgierr.
sub main {
#-------------------------------------------------------------------
# Main Routine
# Sends an email to the admin, letting him know that there is a dead link.
my %in = &parse_form();
# Check to make sure that there is an admin email address defined.
$db_admin_email or &cgierr("Admin Email Address Not Defined in config file!");
my $to = $db_admin_email;
my $from = $in{'From'};
my $subject = "Deadlink ID number: $in{'ID'}\n";
my $msg = qq|
The following link is reported to be dead:
ID number: $in{'ID'}
Site title: $in{'Title'}
Site URL: $in{'URL'}
Category: $in{'Category'}
Description: $in{'Description'}
Comment: $in{'Comment'}
|;
# Then mail it away!
require "$db_lib_path/Mailer.pm";
my $mailer = new Mailer ( { smtp => $db_smtp_server,
sendmail => $db_mail_path,
from => $from,
subject => $subject,
to => $to,
msg => $msg,
log => $db_mailer_log
} ) or return;
$mailer->send or return;
&site_html_deadlink_mail;
}
since they are going directly to linkdead2 and not via linkdead i'm having trouble adding the referer script:
# Check Referers
@db_referers = ('site.com','www.site.com');
if (@db_referers) {
$found = 0;
foreach (@db_referers) {
$ENV{'HTTP_REFERER'} =~ /$_/i and $found++ and last;
}
if (!$found) {
&site_html_add_failure ("Please don't try to spam the directory with deadlink submissions");
return;
}
}
Any idea how i can get it working so it checks the referer first?
Or preferably since that can be spoofed - how about ensuring that the 'ID' is a number (since they seem to be fooling the script into sending the subject of the email via the "ID" code)?
thanks
ie:
Code:
#!/usr/local/bin/perl
# -------------
# Links
# -------------
# Links Manager
#
# File: linkdead.cgi
# Notifies the webmaster of a deadlink
# Author: Glenn Utteridge
# Based on and designed to be used with
#Links 2 by: Alex Krohn
# Email: alex@gossamer-threads.com
# Web: http://www.gossamer-threads.com/
# Version: 2.0
#
# (c) 1998 Gossamer Threads Inc.
#
# This script is not freeware! Please read the README for full details
# on registration and terms of use.
# =====================================================================
#
#
# Setup:
# Make sure the require statement below points to the config file.
eval {
($0 =~ m,(.*)/[^/]+,) && unshift (@INC, "$1"); # Get the script location: UNIX /
($0 =~ m,(.*)\\[^\\]+,) && unshift (@INC, "$1"); # Get the script location: Windows \
require "admin/links.cfg"; # Change this to full path to links.cfg if you have problems.
require "$db_lib_path/db_utils.pl";
require "$db_lib_path/links.def";
$build_use_templates ?
require "$db_lib_path/site_html_templates.pl" :
require "$db_lib_path/site_html.pl";
};
if ($@) {
print "Content-type: text/plain\n\n";
print "Error including libraries: $@\n[/url]";
print "Make sure they exist, permissions are set properly, and paths are set correctly.";
exit;
}
# ========================================================
eval { &main; }; # Trap any fatal errors so the program hopefully
if ($@) { &cgierr("fatal error: $@"); } # never produces that nasty 500 server error page.
exit; # There are only two exit calls in the script, here and in in &cgierr.
sub main {
#-------------------------------------------------------------------
# Main Routine
# Sends an email to the admin, letting him know that there is a dead link.
my %in = &parse_form();
# Check to make sure that there is an admin email address defined.
$db_admin_email or &cgierr("Admin Email Address Not Defined in config file!");
my $to = $db_admin_email;
my $from = $in{'From'};
my $subject = "Deadlink ID number: $in{'ID'}\n";
my $msg = qq|
The following link is reported to be dead:
ID number: $in{'ID'}
Site title: $in{'Title'}
Site URL: $in{'URL'}
Category: $in{'Category'}
Description: $in{'Description'}
Comment: $in{'Comment'}
|;
# Then mail it away!
require "$db_lib_path/Mailer.pm";
my $mailer = new Mailer ( { smtp => $db_smtp_server,
sendmail => $db_mail_path,
from => $from,
subject => $subject,
to => $to,
msg => $msg,
log => $db_mailer_log
} ) or return;
$mailer->send or return;
&site_html_deadlink_mail;
}
since they are going directly to linkdead2 and not via linkdead i'm having trouble adding the referer script:
Code:
# Check Referers
@db_referers = ('site.com','www.site.com');
if (@db_referers) {
$found = 0;
foreach (@db_referers) {
$ENV{'HTTP_REFERER'} =~ /$_/i and $found++ and last;
}
if (!$found) {
&site_html_add_failure ("Please don't try to spam the directory with deadlink submissions");
return;
}
}
Any idea how i can get it working so it checks the referer first?
Or preferably since that can be spoofed - how about ensuring that the 'ID' is a number (since they seem to be fooling the script into sending the subject of the email via the "ID" code)?
thanks
