Hello Lengua!
From the form one can find out the exact location of add.cgi etc.
Can one program a script like redirect.cgi that redirects the request of the local URL within the same directory to the real location of the add.cgi "Without shouting in the Browser field Location" where it is leading to?
This can also be strongly programmed from a controlled behavior, that it checks for the @referrer + ENV
Once this "Shift Location" is established -- Within the Local directory -- then I believe it should be less of a problem for the add.cgi to recognize the referrer. I can be completely wrong, so please do not debate on it.
This assumes the following for a solution :
1 - Redirect.cgi >>> A transfer cgi script that changes the request to another URL displaying
http://www.Website.com/cgi-bin/redirect.cgi?/add.cgi
In the print routine of this, one uses the URL cleaning method, if possible. It then cleans the directory path (Or to misguide people, prints a wrong path!!!) and displays only the file name. Therefore the basic security is achieved.
2 - Modification of Add.cgi
There one inserts the BadURLs or Dissallow.txt routine. The add.cgi then looks for a list of all the words in this ASCII file and disallows if it finds out something comparable in there. Again it already has the @referrer tag in there which also again checks that only redirect.cgi is authorised to take add.cgi in arms and no one else.
3 - Add.cgi can be made complex.
This can be modified to handle variables and print them again via web browser which then people have to add something like a password and submit or fill out an extra field. So an extra step making the likes of a mass submitter a bit more difficult, however making it only "One click + one word more difficult"
4 - Changing the pattern of submission.
The add.cgi is not disclosed at all from the web. The submit form only takes an email address from the submitter and then replies with the exact location of the Add.cgi. Then the person goes there to continue the submission in full. This can be done with the help of email printing where there is the Add.cgi location address. This can be changed every day. It only makes the life of a person more complicated who does mass emailing.
I have also been shouting enough, with all the possible positive intentions, that basic functionality needs to be re-questioned. I am also of the opinion that something needs to be done reading and looking at the problems like this. What you have is a web horror.
Quote:
I am very disappointed of the programmer Alex Krohn because I have invested already weeks to seek for a solution, written him a lot of e-mails but he has NOT found a working solution so far.
So you see, from my point of view, a strategic approach needs to be taken also. However if you ONLY depend on the programming it cannot help you. There are all kinds of minds around the web and one has to face them in a clever way as much as possible. Simply passing your frustration to the programmer is something I seriously condemn. How can you say this? One can understand your frustrations and therefore one tries to help here, on this beautiful, healthy and democratic platform "the programmer Alex Krohn" has created, people like you in a good way. The messages from above show.
I am not an expert nor do I have any more knowledge of Links v2.0. All I have written above are simple basic ideas with the spirit of help and not a "Return criticism". If I cannot help you, sorry to make you visit here again because of the automatic emailing, and making this message heavy for its download.
------------------
rajani
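
Items 2 and 4 of the post above, sketched as an added example (not part of the original post and not Links 2.0 code): a disallow-list check, and an e-mailed add.cgi link token that changes every day and is tied to the submitter's address. The function names, the secret and the sample data are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);
use POSIX qw(strftime);

# Assumption: a server-side secret that is never sent to the browser (placeholder).
my $SECRET = 'replace-with-a-long-random-secret';

# Token placed in the e-mailed add.cgi link. It changes every UTC day and is
# bound to the address the submitter entered on the first form.
sub daily_token {
    my ($email, $time) = @_;
    my $day = strftime('%Y-%m-%d', gmtime($time));
    return hmac_sha256_hex(lc($email) . '|' . $day, $SECRET);
}

# add.cgi side: accept only a well-formed token issued today for this address.
sub token_ok {
    my ($email, $token, $now) = @_;
    return 0 unless defined $token && $token =~ /\A[0-9a-f]{64}\z/;
    return $token eq daily_token($email, $now) ? 1 : 0;
}

# Disallow-list check: case-insensitive substring match of every listed
# word against every submitted field.
sub is_disallowed {
    my ($words, @fields) = @_;
    for my $field (@fields) {
        for my $word (@$words) {
            next if $word eq '';
            return 1 if index(lc($field), lc($word)) >= 0;
        }
    }
    return 0;
}

# Constructed sample data, not real submissions.
my @words = ('casino', 'cheap-pills');   # stands in for the lines of the disallow file
my $now   = 1_000_000_000;               # fixed time so every run behaves the same
my $token = daily_token('user@example.com', $now);

printf "same day, same address: %d\n", token_ok('user@example.com', $token, $now);
printf "one day later:          %d\n", token_ok('user@example.com', $token, $now + 86_400);
printf "different address:      %d\n", token_ok('other@example.com', $token, $now);
printf "listed word in title:   %d\n", is_disallowed(\@words, 'My Casino Site', 'http://example.com/');
printf "clean submission:       %d\n", is_disallowed(\@words, 'Perl tutorials', 'http://example.org/');
```

The token is checked on the server from data the server itself derives, so add.cgi does not have to rely on the Referer header, which is supplied by the client.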