On Sat, Apr 14, 2007 at 05:58:52PM +0200, Henning Brauer wrote:
> * Paolo Supino <[EMAIL PROTECTED]> [2007-04-14 17:53]:
> > From the technical aspect, I agree with you. But non technical people
> > don't see (or understand) that :-( I wish I had time to sit down and
> > find out how to exploit the webapp. I tried to bring in a company to do
> > penetration testing, but I was refused the budget for it.
> > I can't fix the problem completely, but I can put measures in place
> > that will reduce the problem to an acceptable level.
>
> yeah, cut the cable.
>
> otherwise at least tell us the IP address (range) so we can all
> blacklist it.
>
> really, there is no solution (or even half reasonable band-aid) that is
> not "fix the application"

Henning brings up a good point: can't you explain to management the cost
of fixing the application vs the effort of getting yourself off all the
blacklists that you soon will be on?
Otherwise, try mod_security.
Joachim
--
TFMotD: top (1) - display and update information about the top CPU
processes