Archive for “Security Matters”

The following entries were made in the “Security Matters” category.

Protecting Forms from Spam ‘Bots

Posted April 30th, 2008 by Mike Cherim

Spam robots or spam ‘bots abuse comment forms, contact forms, and any forms they can. A true scourge of the web. They exploit insecure forms to send spam. Fortunately there are individual methods of slowing them down. And when used jointly, ‘bots can actually be stopped. This post shares four scripted operations I’ve found particularly helpful to prevent illegitimate posting. In the following examples, at least one variable will be posted, and will appear in this article as $posted_var (meaning it’s captured by $_POST['var']) to offer greater clarity, but this variable can be whatever you need it to be: name, email, etc.

Continue reading “Protecting Forms from Spam ‘Bots” »

Some Web Domain Security Tips

Posted November 14th, 2007 by Mike Cherim

I was informed by Mike Jolley that my name appears in print in issue 169(?) of .Net Magazine — which apparently goes by the name of “Practical Web Design” in the United States but I wasn’t able to confirm this, even with Google’s help. When Mike told me this and kindly furnished me with a scanned copy I recalled being interviewed some time back. Others interviewed for this article were Dave Barter for and Marcus Graichen for .Net spelled my name wrong and didn’t publish my domain properly (no hyphen), but the info was hopefully sound all the same.

Continue reading “Some Web Domain Security Tips” »

Obfuscating your Email with CSS?

Posted May 10th, 2007 by Mike Cherim

I’ve come up with an idea that might be useful for obfuscating an email address using your Cascading Style Sheet or CSS. Not a linked email address, but one just posted on the page as text. Trouble is adding an email address to a web page as text or as a link means it will be harvested by ‘bots. Because of this, many people use something like email[at]domain[dot]com in hopes of hiding it. It is my understanding that can be harvested too, though. So I came up with something that may prevent that. For a bit, anyway.

Continue reading “Obfuscating your Email with CSS?” »

Securing PHP Include Files

Posted November 23rd, 2006 by Mike Cherim

One of the great things about the PHP server-side scripting language is the ability to “include” files. Using includes you can share files across several pages. For example, if you’re not using a functions library to handle global page sections, you can create a file called header.php, put some variable hooks in it to handle a dynamic title, keyword set, and description, then use this one file for all your web pages. This can save a tremendous amount of initial work when creating a site, plus it can greatly reduce maintenance down the road if you want to make changes. But the web being what it is, it is possible to access some includes directly and thus you may want to secure them.

Continue reading “Securing PHP Include Files” »

Directories Set to 777 are Safe/Unsafe?

Posted November 9th, 2006 by Mike Cherim

777 - Safe or Unsafe? I will first say this as a disclaimer: I’m not a hacker, cracker, or a server security expert! This post is more of a question than an answer. Okay, now that that’s said I can get on with this short article. To the best of my knowledge, and after doing some research on the subject, and reading eighteen million conflicting versions of this information, I must tell you that manually setting directory permissions to 777 is not safe! Or at least I don’t think it is? I’m pretty sure if you set directories/folders on your server to 777 you can be cracked and probably will be, eventually — unless said directories were created with a server side scripting language thus taking ownership away from “Apache,” “Nobody,” or whatever the common default owner name on your server is.

Continue reading “Directories Set to 777 are Safe/Unsafe?” »

WordPress-Ready Contact Form v.2.0WP

Posted October 25th, 2006 by Mike Cherim

On October 3rd I announced that I released my Secure and Accessible PHP Contact Form v.2.0. It was also requested at that time that it made available for use with WordPress. Well, now it is. I teamed up with Mike Jolley and together we took my form script and made a WordPress plugin that you can download on the Official v.2.0WP Download Page (see WordPress Version Demo). Check it out. (Also see Mike Jolley’s Official Page.) I think you’re going to be very pleased.

Continue reading “WordPress-Ready Contact Form v.2.0WP” »

Don’t be an Internet Fool

Posted October 9th, 2006 by Mike Cherim

Somebody out there wants you to be a fool. Somebody out there is hoping you’ll be a fool. In fact somebody out there is counting on it. And if you are, it’s a shame, because it reinforces the belief that fools abound on the web and the non-fools have to suffer for your ignorance or, in some cases, plain old stupidity. Have I piqued your interest? Good, there’s hope for you yet. Please keep reading as herein are fifteen ways to prevent yourself from becoming an Internet fool and thus saving the rest a few headaches. In a place where no fools exist, those who ply the trade of foolery will eventually get tired and move on.

Continue reading “Don’t be an Internet Fool” »

PHP Contact Form v.2.0 Released

Posted October 3rd, 2006 by Mike Cherim

This has been long overdue — almost a year — but I have finally reworked my old contact form completely and I’m extremely pleased to re-release it as my all-new Secure and Accessible PHP Contact Form v.2.0. I made a vast number of improvements to enhance its accessibility, usability, and most notably its security. To get the full picture about its features, and to download it for yourself, please see this official download page, and if you want, you may also check out the working demo form. I have slaved over this for more than a week adding fourteen fifteen sixteen security features and myriad enhancements. My main goal was to make it spam-proof. It’s not, there are no absolutes, but it should be very resistant. Think of it as you would a waterproof watch. Sure, it won’t be ruined when you go swimming, but at around 2000 feet it’s going to implode. Anyway, I’m really pleased with the results and hope you like it too.

Continue reading “PHP Contact Form v.2.0 Released” »

PHP Style Changer Experiment

Posted September 1st, 2006 by Mike Cherim

I wanted to open up this latest experiment for comments since it was the comments to Roger Johansson’s Build your own PHP style sheet switcher article that inspired me to add cookie acceptance detection functionality to my own PHP Style Changer Experiment. It seems to work nicely but I figure it’s always good to get some real-world feedback. And since I don’t accept comments at I figured I’d do it here. The link above leads to the supporting article, but here’s the actual experiment page, and here’s the well-commented script provided as a text file. Feel free to use it and tell others if you like it — it is safe from XSS so use it with confidence. It’s been in use a long time but I never released it.

Continue reading “PHP Style Changer Experiment” »

Note: This is the end of the usable page. The image(s) below are preloaded for performance only.