Perl files getting accessed directly


(OP)
Hello. I just registered. I just wanna tell somebody about a nuisance/problem with my Perl script on my webserver which I finally got fixed. For those who really know Perl this is gonna be boring probably - but maybe this can help other newbies with the same problem.

I have a "feedback page" - you can put in name/web address/comment in the fields in an HTML form page, which sends the info to a Perl script (which sends that input to another HTML page).

Now - if I look at the webserver log file, bots/programs probably sniff out .pl files (?) and access them directly - like "https://servername.com/filename.pl"

This happened. Not very frequently - but often. So when I went to an HTML page (on my webserver) with the results of the feedback page there would be some EMPTY posts.

Now - this was not the end of the world but it still nagged me. Is there a fix? Yes.

This line:

if(defined $cgi->param('navn')){

As long as that line was before the argument - NO NEW ENTRY was created.
('navn' refers to the scalar name)

IF someone (like me - I tested it) DID write the exact location of the .pl file in a browser - one would just get an "Internal server error" - which I wanted - but before I added the line - the script would create an empty post in the html page.

NO EMPTY POSTS have been added since I included that line in the script!

This is my script:
------------------------
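#!C:\Perl64\site\bin\perl.exe
use strict;
use warnings;
use HTML::Entities;
use CGI;
use Time::Piece;

my $cgi = CGI->new();

# A direct hit on the script carries no 'navn' field: stop before touching
# the file. die sends no headers, so the browser gets "Internal server error".
die "missing 'navn' parameter\n" unless defined $cgi->param('navn');

my $dato      = localtime->strftime('%d-%m-%Y');
my $navn      = $cgi->param('navn');
my $kommentar = $cgi->param('kommentar') // '';

# Encode HTML metacharacters so submitted text cannot inject markup.
$navn      = encode_entities($navn, '<>&"');
$kommentar = encode_entities($kommentar, '<>&"');

# Append the entry to the results page.
open(my $fh, '>>', 'skryt.html') or die "Cannot open skryt.html: $!\n";
print $fh "<HR color=#008000 SIZE=2>\n Navn: <b>$navn</b> Kommentar: <b>$kommentar</b> Dato: $dato";
close $fh or die "Cannot close skryt.html: $!\n";

# Send the browser on to the results page.
print "Content-type:text/html\r\n\r\n";
print "<html><head><meta http-equiv = 'refresh' content = '0; url = skryt.html' /></head></html>";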

------------------------

Probably an "off beat" problem but should be known.

Any security issues?

My webserver:
Old Windows 10 PC
webserver program: hiawatha https://www.hiawatha-webserver.org/
cgi enabled
website: https://helledussen.com (in norwegian - sorry) (to view english example script/html form https://helledussen.com/limbomusic/eng-fanreg.html )

Music: https://helledussen.com/groove2/stoned.html
Or search for Limbomusic on YouTube.
Cheers.
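
An added example, not part of the original post: a `defined` test only checks that a `navn` field is present, so a submission whose `navn` is empty still appends an entry. The sketch below also requires POST, non-empty trimmed values and a length cap before anything is written. The function name `validate_feedback`, the limits, and the assumption that the form submits by POST are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Entities qw(encode_entities);

# Hypothetical limits for this sketch; tune them for the real form.
my %MAX_LEN = (navn => 80, kommentar => 1000);

# Returns (1, \%clean) for an acceptable submission, or (0, $reason).
# In the CGI script, $method would come from $cgi->request_method.
sub validate_feedback {
    my ($method, $params) = @_;
    return (0, 'method not POST') unless defined $method && $method eq 'POST';
    my %clean;
    for my $field (qw(navn kommentar)) {
        my $value = $params->{$field};
        return (0, "$field missing") unless defined $value;
        $value =~ s/[\x00-\x1f\x7f]+/ /g;   # control chars (incl. newlines) to spaces
        $value =~ s/^\s+|\s+$//g;           # trim surrounding whitespace
        return (0, "$field empty")    if $value eq '';
        return (0, "$field too long") if length($value) > $MAX_LEN{$field};
        $clean{$field} = encode_entities($value, q{<>&"'});
    }
    return (1, \%clean);
}

# Constructed sample submissions (not taken from any real log).
my @requests = (
    ['GET',  {}],                                      # bare hit on the .pl file
    ['GET',  { navn => '', kommentar => '' }],         # present but empty fields
    ['POST', { navn => '   ', kommentar => 'hi' }],    # whitespace-only name
    ['POST', { navn => 'Ola', kommentar => '<b>fin side</b>' }],
);

for my $req (@requests) {
    my ($ok, $result) = validate_feedback(@$req);
    if ($ok) { print "accept: navn=$result->{navn} kommentar=$result->{kommentar}\n" }
    else     { print "reject: $result\n" }
}
```

Only the last sample is accepted, and its markup reaches the page as encoded text rather than as tags.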
