I know somebody who coded a PHP script that attempts to prevent post flooding and some other potential security 'flaws'.
I know quite alot about PHP, some things are still beyond my knowledge. I was wondering if some people could have a look at it to see if it is a viable way of reducing secrity risks on PHP sites. You can download it from my site at http://www.streakyland.co.uk/ccisecurity.zip More info, an extract from the readme -> [What is the CCI Website Security Script?] The CCI Website Security Script is a drop-in PHP script designed to take on the burdon of dealing with certain common security problems in PHP scripts. It is made to be added to an existing script to provide immediate, transparent security of varying types. Far, far too often you hear about free scripts having some common vulnerability that has been seen a thousand times in other scripts - people just aren't careful enough when writing scripts. This script is desiged to try to compensate for some of this carelessness. Some of the things it (supposedly) attempts to prevent / do -> HTTP REQUEST FLOODS, SCRIPT DISPLAY VULNERABILITIES, GENERAL FLOOD PROTECTION, IP BANNING VIA .HTACCESS, HTML Source Viewing/Stealing Thanks for your time Streaky -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
