Before in our forum (we use to use phorum.org message board) we use to
strip "all harmful tags" from...
$HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_ENV_VARS, $HTTP_COOKIE_VARS,
$HTTP_POST_FILES, $HTTP_SESSION_VARS; etc..... (all possible inputs)
although it restricted functionality, but indeed even protected us
from some 0-days. ;) Its even better to check the max url length
(acceptable) and strictly defind the acceptable INPUT data type for
every INPUT feilds.
even better... if max. bad request execeds say 3 in error log add...
exec("/sbin/iptables -I INPUT -s $ip -j REJECT"); And email back the
admin with complete log details of the attack.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
