Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: wwwboard my help reveal user name and password

From: systsec () YAHOO COM (Simon Hughes)
Date: Wed, 12 Jul 2000 05:07:59 -0000

I have got a script that was modifyed to detect: proxy, 
resolve IP so spoofing cannot be used, Pings the posters IP 
to check that the address exists, also uses a time limit so 
if you do more than one post in a few seconds it blocks 
your IP so multiple posts cannot happen.
There's more on this script but I cannot find it,sorry.

Credit to this modification should go to:
'The Mr.Fong Device' Team,
http://www.cyberarmy.com
www.cyberarmy.com/wwwboard

------------------------------------------------------------
-------------
I think adding referrer checking is useless.  One can spoof 
a
Referrer: header in a http request just as easily as spoof 
the actual
requests.
Previous By Date Next
Previous By Thread Next

Current thread: