Spambot protection

Is a .txt file in cgi-bin safe?

         

galaga

12:35 am on Dec 10, 2003 (gmt 0)

10+ Year Member



I have a mailing list for my website which I run politely, responsibly and correctly. It works with Perl scripts from my cgi-bin. However, the list of addresses it uses is stored in a text file in the cgi-bin along with the scripts that are required for it to run. I was wondering if it would be possible for spambots to harvest the addresses on the list? I suspect the sad truth may be yes. My cgi-bin is chmodded 711 and the folders with the scripts 755, etc., in order for them to run. But I know spambots are probably 'rogue' anyway. How at risk are the email addresses and are there any actions I can take to prevent them? I don't want to pollute the email accounts of valued contacts with spam.

Thanks In Advance

G

mcavic

4:59 am on Dec 10, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Bots will be able to read the .txt file if they discover the name of it. You could probably use .htaccess to deny http access to it, as the scripts will be accessing it directly through the filesystem.

marcs

5:04 am on Dec 10, 2003 (gmt 0)

10+ Year Member



If you don't link to it, you should be OK.

If you are still concerned, simply move the .txt file outside your web directory. Move it into, say (on Unix), the home directory for that user. That way neither a web browser nor a bot could view it.

galaga

12:13 pm on Dec 10, 2003 (gmt 0)

10+ Year Member



Thanks for the help.
Moving it somewhere else is out of the question I think. I don't link to it at all, it only gets called from a cgi script (one that isn't linked to directly either since it's part of the admin section). The .htaccess idea sounds good but I don't know how this works. Would someone be kind enough to offer a brief explanation?

Thanks Again.

G

davidpbrown

1:23 pm on Dec 10, 2003 (gmt 0)

10+ Year Member



.htaccess is a config file on Apache servers that allows access filters, redirects and more.

A brief intro to .htaccess [httpd.apache.org]

This should block access to txt files.
<Files *.txt>
Order Allow,Deny
Deny from all
</Files>

There may be an .htaccess file already present to have files in cgi-bin executed by default. It may be safer to put your text files in a subdirectory of cgi-bin along with the .htaccess I've suggested above.

Upload it as a text file htaccess.txt and rename it exactly .htaccess

The file may disappear from sight but is there and will then affect access to files in its directory and those below it.

galaga

4:29 pm on Dec 10, 2003 (gmt 0)

10+ Year Member



Thanks. I put a .htaccess file into the subdirectory that the list and some other things were already in. It didn't disappear, it's just sitting there but my scripts still seem to work fine so let's hope that it'll do its job. I often wondered what these .htaccess things were because they appear to be on my server for other scripts I run but I never see them. I take it they are similar in concept to a robots.txt file.
Thanks for all the help.
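
An added example, not part of the thread and not code from any poster: a local Python audit that walks a web root and lists .txt/.csv files not covered by a deny-all <Files> rule (the kind posted above, or its Apache 2.4 form "Require all denied") in an .htaccess in their own or a parent directory. It is a heuristic that assumes the server honours .htaccess files and does not read the main server config; the function names and the sample tree are constructed for illustration.

```python
import fnmatch
import os
import re
import tempfile

# A <Files pattern> ... </Files> section: captures the wildcard pattern and the body.
FILES_BLOCK = re.compile(r'<Files\s+"?([^">]+)"?\s*>(.*?)</Files>', re.I | re.S)
# Deny-all in Apache 2.2 syntax (as in the thread) or in Apache 2.4 syntax.
DENY_ALL = re.compile(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$', re.I | re.M)

def denied_patterns(htaccess_path):
    """Return the <Files> wildcard patterns this .htaccess denies to everyone."""
    with open(htaccess_path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    return [pat.strip() for pat, body in FILES_BLOCK.findall(text) if DENY_ALL.search(body)]

def exposed_files(web_root, extensions=(".txt", ".csv")):
    """List data files under web_root that no .htaccess on their path denies."""
    web_root = os.path.abspath(web_root)
    exposed, inherited = [], {}  # inherited: directory -> patterns in force there
    for dirpath, _dirs, files in os.walk(web_root):  # top-down: parents come first
        patterns = list(inherited.get(os.path.dirname(dirpath), []))
        if ".htaccess" in files:
            patterns += denied_patterns(os.path.join(dirpath, ".htaccess"))
        inherited[dirpath] = patterns  # rules also apply to directories below
        for name in files:
            covered = any(fnmatch.fnmatch(name, p) for p in patterns)
            if name.lower().endswith(extensions) and not covered:
                exposed.append(os.path.relpath(os.path.join(dirpath, name), web_root))
    return sorted(exposed)

def demo():
    """Build a constructed sample tree and return the files still exposed in it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "cgi-bin", "list"))
    os.makedirs(os.path.join(root, "cgi-bin", "other"))
    rule = "<Files *.txt>\nOrder Allow,Deny\nDeny from all\n</Files>\n"
    for rel, content in [
        ("cgi-bin/list/.htaccess", rule),                      # protected directory
        ("cgi-bin/list/addresses.txt", "someone@example.com\n"),
        ("cgi-bin/other/backup.txt", "someone@example.com\n"),  # forgotten copy
    ]:
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(content)
    return exposed_files(root)

if __name__ == "__main__":
    print(demo())
```

A file this audit reports as covered should still be requested once over HTTP to confirm the server answers 403 Forbidden, since a server configured to ignore .htaccess would serve it anyway.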