> I am in front of a security issue. We are running several sites using
> modperl. In the last few days, a hacker used a script to call some script of our sites
> for bad purposes. He needed to be authenticated, but we are only using
> session cookies. Then, once he was logged in, he could retrieve this id and
> use it in his homemade script.

Think about what's different between his behavior and legitimate users' behavior. Is it that he's sending tons of requests in a brief period of time? Limit the frequency. Randal wrote a column about how to do this: http://www.stonehenge.com/merlyn/LinuxMag/col17.html

- Perrin
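
An added example, not part of the original thread and not the code from the linked column: a sliding-window limiter keyed on the session id, so a script replaying one valid session cookie is refused once it exceeds a request rate a person browsing would not reach. The names `allow_request`, `%hits`, the 10-second window, the limit of 5 and the sample traffic are all assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed thresholds; tune them against what real users of the site do.
my $WINDOW = 10;   # length of the sliding window, in seconds
my $MAX    = 5;    # requests allowed per session inside one window

# session id => array ref of timestamps of recently allowed requests.
# A plain hash keeps the example self-contained. In a prefork mod_perl
# server each child has its own memory, so the counters would have to
# live in a store shared by all children.
my %hits;

# Returns 1 if the request may proceed, 0 if it should be refused.
sub allow_request {
    my ($session_id, $now) = @_;
    my $recent = $hits{$session_id} ||= [];

    # Forget requests that have slid out of the window.
    shift @$recent while @$recent && $recent->[0] <= $now - $WINDOW;

    return 0 if @$recent >= $MAX;   # over the limit: refuse, do not record
    push @$recent, $now;
    return 1;
}

# Constructed sample traffic: [epoch second, session id].
my @requests = (
    (map { [ 1000 + $_ * 4, 'sess-user'   ] } 0 .. 5),    # one click every 4 s
    (map { [ 1000 + $_,     'sess-script' ] } 0 .. 11),   # one request per second
);

my %refused;
for my $req (sort { $a->[0] <=> $b->[0] } @requests) {
    my ($ts, $sid) = @$req;
    next if allow_request($sid, $ts);
    $refused{$sid}++;
    print "$ts $sid refused (over $MAX requests in ${WINDOW}s)\n";
}
printf "%s: %d refused\n", $_, $refused{$_} || 0 for qw(sess-user sess-script);
```

Keying on the session id rather than the client address means the limit follows the authenticated session even if the script changes address, and refused requests are a useful signal to log and to trigger session invalidation.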