Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Spam?

[PixelManual]

Hello,

I am planning on opening up a instant free hosting site like geocities.com. I am offering

1. MySQL
2. PHP
3. FTP Accounts
4. and more

The problem is, I have been told I may get a lot, and I mean alot of people signing up just to use the services to spam. Is there anything I can use to prevent this? I am not allowing anyone Mail services, as I know that would be a major fault. But I believe there are some things in PHP I would need to disable, otherwise someone can simply do it from the website itself.

Any help?

[Jakiao]

If you want to be safe, turn PHP safe_mode to on. This will help fight against server exploitations and attacks. Furthermore, keep an eye on all of your logs. Just because you don't offer mail services doesn't mean they can't execute mail() in PHP.

[PixelManual]

Is there any way of just turning off mail() then. All they would lose are contact forms which are easily made in Html.

[LP-Trel]

Put mail in the disable_functions list.

[Jakiao]

You'll have to find a way to stop Perl from doing so as well. The HTML script they use has to connect to a Perl or PHP background. But yeah, LP-Trel is right about the disabled_functions list.

[dollar]

MySQL, php, cgi, etc.. should not be allowed at all IMHO.

[PixelManual]

@ Dollar

I am gonna see how it goes, if I start to have problems such as spam and exploitations I will start taking away some things and also ban IP's.

We'll just have to see...I am thinking of making people sign up with a real adress, no hotmail, yahoo etc. A Yourname@isp.com

[dollar]

Quote:

Originally posted by MegaGeo
@ Dollar

I am gonna see how it goes, if I start to have problems such as spam and exploitations I will start taking away some things and also ban IP's.

We'll just have to see...I am thinking of making people sign up with a real adress, no hotmail, yahoo etc. A Yourname@isp.com

There are thousands and thousands of free sites for e-mail, especailly in china, if you're doing instant activation it'll take you a few months to catch them all.

[PixelManual]

Yeah true. I've blocked all of China, lol. So no worries there.

I have a huge list, over 300 so far and am adding to it as I find them. And also, there is an option to view all e-mail addreses. So I can see what sort've names there are and if I need to investigate them.

[dollar]

Well you definatley seem like you have this worked out quite well (wish I could say the same when I gave it a try). Knowing know what I knew then I would have done many things differently. One of the best things I did was exchange reseller accounts to individuals that were pretty tech-savvy in exchange for them helping out on the staff.

Another tip is to tweak what can be done via .htaccess as I had many people trying to hide the banner with .htaccess.