Re: [tlug] "Safe" counter

[Alain Hoang <hoanga@example.com>]

Howdy,

	I've never heard of a web counter being exploited by a spammer.  
Although many
of these counters seem to be  CGI programs that were written for 
functionality rather than
protecting against malformed data being sent to it.  So if you just 
drop one of those counters
it really is up to you to spend time assessing the vulnerability risk 
of that cgi program.
But any CGI program that can be exploited is just another tool in the 
spammer's toolchest
to get spam out.

	Another way to handle it is do a pure server side solution although 
then you
need to look at the server side solution (such as PHP) and make sure 
you don't
open up other vulnerabilities.

	The last option that I can think of is to just use a web server log 
analysis tool
and pipe the results to a HTML file once in awhile and live without 
live on the fly web
counters.



Cheers,
Alain

On Jan 7, 2004, at 12:56 AM, jeraldweinstein@example.com wrote:

> I have a question about having a "safe" counter on a web page.
> My Linux server's homepage does not have a counter because
> I had heard that spammers can use it or that having one can
> compromise a web server.
>
> Has anyone at TLUG heard of this?
> If so, is there a "safe(r)" way to add it to a web page?
>
>
> Jerald Weinstein M.S.
>
> -- 
> TLUG server is hosted by Open Source Development Lab Japan
> http://www.osdl.jp/
>
> To unsubscribe from this mailing list,
> please see the instructions at <http://www.tlug.jp/list.html>
>
>
"and whatever the bean-counters may say, responsibility
should always be the bottom line." -Arthur C. Clarke