Website vulnerability scanning tips
If you view your server logs, you may occasionally notice requests for obscure pages that don't exist on your site, for example URLs like:
/phpmyadmin/scripts/setup.php
/PSUser/
/login_outasp
Over a few months I have been gathering these requests to compile a list of common URLs that are typically used in vulnerability scanning.
These URLs are requested automatically by bots looking for scripts to exploit (in the example above, the bot is looking for phpMyAdmin). If you run a server with any third-party scripts, particularly those using PHP and ASP, as these are the most common, you should be aware that most sites receive regular hits looking for exploitable scripts, and you should take measures to prevent this.
Tags: spam, referrer, apache, security, vulnerability, logs
The future of CAPTCHA
CAPTCHA (standing for Completely Automated Public Turing test to tell Computers and Humans Apart) must have seemed like a good idea when it was first invented in 2000. Spam was beginning to become a major problem on the web and a method was needed to fight back. CAPTCHA at first glance seems ideal: a distorted image that would be instantly recognisable by humans yet incomprehensible to machines. Place some letters in the distorted image and get the user to type them back and bingo: you’ve stopped your spam problem.
Tags: spam, captcha, accessibility, web
No spam please
Why is it that the owners of mailing lists just won't let you leave? Even when you have no interest whatsoever in what they are sending you.
