[Mimedefang] OT: Email web form exploits

Kelson kelson at speed.net
Fri Sep 9 12:50:31 EDT 2005


James Ebright wrote:
> Check the URI referrer and only allow the web form to be hit FROM the URLS
> that it should be linked to otherwise simply return an error similar to
> unauthorized access attempt....

Not sufficient.  These are being done using direct hits to port 80, not 
actual web browsers, so the attacking script can set whatever referrer 
it wants.

I already had referer checks on all the forms that I saw get hit by 
these probes.

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>
