Limiting accepted GET var length


#1

Hey, my site has been hacked several times now, and when I contacted the Dreamhost support team, they were beyond unhelpful. Is there anything I can do to limit the length of accepted GET variables to stop the 50+ character urls from being read by my app which never uses anything longer than 8 characters? The error log says the security module is catching the requests because of the http:// pattern match, but the malicious scripts are still being added to the bottoms of a few of my pages. Thanks for any ideas! ~Nick


#2

Test for string length before accepting it and don’t accept the variable if longer than you want:

http://php.net/manual/en/function.strlen.php

or

http://www.google.com/search?hl=en&safe=off&q=limit+the+length+of+accepted+GET+variable+in+PHP

–rlparker
–DreamHost Tech Support


#3

What application are you running on your site? It sounds to me as though you’re running something insecure, which needs to be either fixed or replaced. Just throwing a filter over the top doesn’t really solve the problem.