[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] [OT] [RAQ4] Formmail 1.9
- Subject: Re: [cobalt-users] [OT] [RAQ4] Formmail 1.9
- From: Larry Smith <lesmith@xxxxxxxxx>
- Date: Tue Jun 25 10:32:01 2002
- Organization: ECSIS.NET
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
INRE Re: [cobalt-users] [OT] [RAQ4] Formmail 1.9:
> On Tue, 25 Jun 2002, Larry Smith wrote:
> > While probably _not_ the perfect answer for everyone, my action has been
> > to create a "different" formmail.pl that (1) has the recipient changed to
> > something else (mail_to, my_addy or something off-wall); (2) hard-coded
> > this new "recipient" into each version/copy of the script that I need so
> > that the program will "only" send to that address;
>
> It also really helps to call it something other than formmail...since
> spiders crawl over your pages, and can report the url of a web page that
> contains formmail. I see lots of hits STILL coming into a url that used
> to have formmail called over 2 years ago.
*BEST* thing to do here is to _insure_ that every domain (web directory)
contains a "robots.txt" file that _tells_ the search engines and what-not
which directories and files they are _not_ to index. Basic syntax (my
default copy) is: (owner/group nobody.site?? - mode 644).
--------- CUT HERE ---------------
# Generic RAQ Robots Text file
User-agent: *
Disallow: /stats/
Disallow: /images/
Disallow: /cgi-bin/
Disallow: /cobalt.html
Disallow: /postinfo.html
--------- CUT HERE ---------------
The above tells ALL spiders/robots/search engines to ignore the stats,
cgi-bin and images directories, the cobalt.html file (I rename the original
index.html intro page to cobalt.html) and the postinfo.html file which is a
"key" to let remotes know that frontpage is configured on this site...
> (3) test the incoming original
>
> > "recipient" form value to see if it matches what I know is in the form,
> > and if _not_ send me (admin) a mail message with the IP address and copy
> > of what was submitted; [ and (4) here locally add _that_ IP to my deny
> > tables ].
>
> I'd like to see that code...even though I'm not running formmail by that
> name, I'd like to automate logging which IPs are still trying to call it.
No problem. Here is the "remote IP" section that I use:
Append to the bottom of the message sent)
--------------- CUT HERE -------------------------------
print MAIL "Server protocol: $ENV{'SERVER_PROTOCOL'}\n";
print MAIL "Remote host: $ENV{'REMOTE_HOST'}\n";
print MAIL "Remote User: $ENV{'REMOTE_USER'}\n";
print MAIL "Remote IP address: $ENV{'REMOTE_ADDR'}\n";
--------------- CUT HERE -------------------------------
Here it gets a bit trickier, depending upon how you program the script
itself. Personally I change the "recipient" to something like "mail_to_me"
and then use the following code:
NOTE: the mail_to_me parameter MUST be already defined as who
the forms messages should _really_ be going to.
----------- CUT HERE --------------------------------
if ( $FORM{'recipient'} ne $mail_to_me ) { ## someone is playing
.....
....
<< use same code from MAIL portion>>
<< to send a mail message to "admin" >>
<< with IP and addresses that remote >>
<< is trying to use >>>
} ## end test recipient code
----------- CUT HERE --------------------------------
Hope this helps / gives you an idea of what I am talking about...
Happy to get "more" specific, but probably best off-list so we don't bore
others with details they might not be interested in or worse, understand...
--
Larry Smith
SysAd ECSIS.NET
sysad@xxxxxxxxx