Perl files getting accessed directly

Hello. I just registered. I just wanna tell somebody about a nuisance/problem with my Perl script on my webserver which I finally got fixed. For those who really know Perl this is gonna be boring probably - but maybe this can help other newbies with the same problem.

I have a "feedback page" - u can put in name/web address/comment in the fields in an html-form page, which sends the info to a Perl script (which sends that input to another html-page).

Now - if I look at the webserver log file, bots/programs probably sniff out .pl files (?) and access them directly - like "https://servername.com/filename.pl"

This happened. Not very frequently - but often. So when I went to an html-page (on my webserver) with the results of the feedback-page there would be some EMPTY posts.

Now - this was not the end of the world but it still nagged me. Is there a fix? Yes.

This line:

if(defined $cgi->param('navn')){

As long as that line was before the argument - NO NEW ENTRY was created.
('navn' refers to the scalar name)

IF someone (like me - I tested it) DID write the exact location of the .pl file in a browser - one would just get an "Internal server error" - which I wanted - but before I added the line - the script would create an empty post in the html page.

NO EMPTY POSTS have been added since I included that line in the script!

This is my script:
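use strict;
use warnings;
use HTML::Entities;
use CGI;
use Time::Piece;

my $cgi = CGI->new();

my $dato = localtime->strftime('%d-%m-%Y');
# Both values are undef when the script is requested directly with no form data
my $navn = $cgi->param('navn');
my $kommentar = $cgi->param('kommentar');

if(defined $cgi->param('navn')){
    # Escape HTML metacharacters before the values are written into the page
    $navn = encode_entities($navn, '<>&"');
    $kommentar = encode_entities($kommentar // '', '<>&"');

    # Open the results page only for a real submission, and fail loudly if that is not possible
    open(my $fh, '>>', 'skryt.html') or die "Cannot open skryt.html: $!";
    print $fh "<HR color=#008000 SIZE=2>\n Navn: <b>$navn</b> Kommentar: <b>$kommentar</b> Dato: $dato";
    close $fh;

    # Send the browser on to the results page
    print "Content-type:text/html\r\n\r\n";
    print "<html><head><meta http-equiv = 'refresh' content = '0; url = skryt.html' /></head>";
}
else {
    # No 'navn' parameter: die before any output, so the server answers "Internal server error"
    die "navn parameter missing\n";
}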


Probably an "off beat" problem but should be known.

Any security issues?

My webserver:
Old Windows 10 PC
webserver program: hiawatha https://www.hiawatha-webserver.org/
cgi enabled
website: https://helledussen.com (in Norwegian - sorry) (to view an English example script/html form https://helledussen.com/limbomusic/eng-fanreg.html )

Music: https://helledussen.com/groove2/stoned.html
Or search for Limbomusic on YouTube.
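
A stricter form of the check described in the post, as an added example that is not the poster's code: besides a missing `navn`, it also turns away empty, whitespace-only and oversized fields before anything is appended to the results page. It assumes the form submits with POST; `validate_feedback`, the length limits and the sample requests are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not the poster's code: validate a feedback submission
# before anything is appended to skryt.html.
use strict;
use warnings;
use HTML::Entities;

# Assumed limits; adjust to the real form's field sizes.
my %MAX_LEN = (navn => 80, kommentar => 1000);

# Returns (1, \%clean) for an acceptable submission, (0, $reason) otherwise.
sub validate_feedback {
    my ($method, %field) = @_;
    # Assumption: the HTML form uses method="post".
    return (0, 'not a POST request') unless defined $method && $method eq 'POST';

    my %clean;
    for my $name (qw(navn kommentar)) {
        my $value = $field{$name};
        return (0, "$name missing") unless defined $value;
        $value =~ s/[\r\n\t]+/ /g;      # keep each entry on one line
        $value =~ s/^\s+|\s+$//g;       # trim surrounding whitespace
        return (0, "$name empty")    if $value eq '';
        return (0, "$name too long") if length($value) > $MAX_LEN{$name};
        return (0, "$name has control characters") if $value =~ /[[:cntrl:]]/;
        $clean{$name} = encode_entities($value, q{<>&"'});
    }
    return (1, \%clean);
}

# Constructed sample requests: [method, navn, kommentar]
my @samples = (
    ['GET',  undef,  undef],                 # script URL opened directly
    ['POST', '',     ''],                    # fields defined but empty
    ['POST', '   ',  'hello'],               # whitespace-only name
    ['POST', 'Kari', '<b>Fin side!</b>'],    # normal submission containing markup
);

for my $s (@samples) {
    my ($method, $navn, $kommentar) = @$s;
    my ($ok, $result) = validate_feedback($method, navn => $navn, kommentar => $kommentar);
    if ($ok) {
        print "accept: Navn: $result->{navn} Kommentar: $result->{kommentar}\n";
    } else {
        print "reject: $result\n";
    }
}
```

In the CGI script itself the method would come from `$cgi->request_method` and the fields from `$cgi->param`, with a rejected request ending in the same `die` as before.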
