Re: A serious question about cgi (intermediate-newbie)
From: Purl Gurl (purlgurl_at_purlgurl.net)
Date: 04/16/04
- Next message: Purl Gurl: "Re: The big rush"
- Previous message: Gregory Toomey: "Re: Perl Script Not Running From Crontab."
- In reply to: Robin: "Re: A serious question about cgi (intermediate-newbie)"
- Next in thread: Robin: "Re: A serious question about cgi (intermediate-newbie)"
- Reply: Robin: "Re: A serious question about cgi (intermediate-newbie)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Thu, 15 Apr 2004 18:36:11 -0700
Robin wrote:

> > > deny a client side user their privilege to submit a
> > > form over and over
> > Protect your script, protect your data, ignore him.
> That's the ticket, I think I'll just add a feature to delete posts from the
> admin script or something so I don't have to deal with these childish
> individuals...

Research and read about "no cache pragma" for your
display page html headers. Most browsers recognize
this or variations. A fast expiration time generates
one of those "post data missing" error pages.

That will not prevent repeated submissions but will
add one or two extra steps to the process of repeating
a post submission.

Blocking of ip addresses is usually pointless. There
are so many proxy servers, you will spend a tremendous
amount of time trying to block them. Blocking ip addresses
should be used for very serious problems.

Automatic blocking of ip addresses helps in the short term.
We have a couple of androids who automatically block offenders,
and make a log record. This causes a person to have to switch
to a new proxy. Easy enough to write simple rules, such as
scanning your database for the same entry. If so, your script
response can be to append a "Deny From" in an htaccess file,
when someone repeats the same data entry.

Redirection works well. You can redirect a twit to a site
which employs lots and lots of table tags. You have visited
those sites which cause your browser to "stall" for a long
period of time because of nested table tags. You may also
redirect an offender to a site which you know contains
hostile tags, such as java applets or visual scripts which
are designed to cause browser problems.

There are at least a thousand and one ways to crash a browser,
or crash a system. This is useful for some sociopaths but might
land you in trouble. There are ways to tag a system, especially
if they have cookies turned on.

Another method is a primitive honeypot. Use URL masquerading
and provide the idiot with a fake page. Allow him to sit
there wasting his time clicking a button which looks real,
responds in a real way, but actually does nothing.

What I find effective is collecting log entries for an offender
over a month, over two months, then clobber the servers with
formal complaints, daily, for weeks, until they take action
or disclose information you need. More than once I have enjoyed
success at having an offender's ISP account terminated.

This "ticket" method suggested by another, is a good idea.
If you can determine who the offender is, where he works and
can _factually_ prove he is causing problems during work, from
an office or place of employment, send mail to his employer,
call his employer, have your favorite attorney write his employer.
Nothing worse than having a boss on your back, or perhaps being
fired from your job. I have done this with great success but
only for very extreme circumstances.

Personally, I like automatic banishment. Quite the surprise.

All of those and hundreds of other methods work well.
Nonetheless, the best method for childish offenders is to
simply ignore them; never take action, never respond. That
is the worst punishment an attention seeker can be dealt.

For trivia, since posting my prior article on this topic,
the regular here who is mentally disturbed, has tripled his
efforts at annoying me. He is not a very bright boy, he
is easy to manipulate, he amuses me, as do many of the
boys populating this newsgroup.

Purl Gurl
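
The duplicate-entry rule described in the message above (scan for the same entry, then append a "Deny From" line), sketched as an added example that is not part of the original post or the poster's own code. The threshold, the helper names (`entry_digest`, `valid_ipv4`, `check_submission`, `append_deny`) and the sample submissions are assumptions; the address is validated strictly because it ends up in a server configuration file.

```perl
# Added example, not from the original post; names, threshold, data are assumptions.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);
use Fcntl qw(:flock);

my $MAX_REPEATS = 3;    # assumed: identical posts tolerated per client

# Collapse case and whitespace so trivially altered repeats hash the same.
sub entry_digest {
    my ($text) = @_;
    (my $norm = lc $text) =~ s/\s+/ /g;
    $norm =~ s/^ | $//g;
    return sha256_hex($norm);
}

# Accept only a dotted-quad IPv4 address; anything else must never reach .htaccess.
sub valid_ipv4 {
    my ($ip) = @_;
    return 0 unless defined $ip && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return (grep { $_ > 255 } $1, $2, $3, $4) ? 0 : 1;
}

# Count one submission. Returns the deny line exactly once, when the same client
# first exceeds $MAX_REPEATS identical entries; otherwise returns undef.
sub check_submission {
    my ($seen, $ip, $text) = @_;
    return undef unless valid_ipv4($ip);
    my $count = ++$seen->{"$ip " . entry_digest($text)};
    return $count == $MAX_REPEATS + 1 ? "Deny from $ip" : undef;
}

# Append under an exclusive lock so concurrent CGI processes cannot interleave.
sub append_deny {
    my ($file, $line) = @_;
    open my $fh, '>>', $file or die "open $file: $!";
    flock $fh, LOCK_EX or die "lock $file: $!";
    print {$fh} "$line\n";
    close $fh or die "close $file: $!";
}

# Constructed sample submissions (documentation address range 192.0.2.0/24).
my %seen;
for my $p (['192.0.2.10', 'First post'], (['192.0.2.77', "Same  spam\n"]) x 4,
           ["192.0.2.77\nAllow from all", 'Same spam']) {    # malformed: ignored
    my $deny = check_submission(\%seen, @$p);
    print defined $deny ? "$deny\n" : "no action\n";
    append_deny($ARGV[0], $deny) if defined $deny && @ARGV;  # optional output file
}
```

`Deny from` is the Apache 2.2-era directive the post names; Apache 2.4 expresses the same rule as `Require not ip`.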