Hey, my site has been hacked several times now, and when I contacted the Dreamhost support team, they were beyond unhelpful. Is there anything I can do to limit the length of accepted GET variables to stop the 50+ character urls from being read by my app which never uses anything longer than 8 characters? The error log says the security module is catching the requests because of the http:// pattern match, but the malicious scripts are still being added to the bottoms of a few of my pages. Thanks for any ideas! ~Nick
Test for string length before accepting it and don’t accept the variable if longer than you want:
–DreamHost Tech Support
What application are you running on your site? It sounds to me as though you’re running something insecure, which needs to be either fixed or replaced. Just throwing a filter over the top doesn’t really solve the problem.