Ok, who's using my free hosting for good, who's using it for bad?

FormalHost · 01-02-2007, 10:04 PM

Hey there,

How do you know which accounts are legit vs. accounts just using it for spam or any other activity?

I picked a few signups where gmail.com was used as their domain name. And canned it.

Any other ways to determine a good account vs a bad one?

jcink · 01-03-2007, 12:34 AM

It's really impossible to tell what the user wants to do, which is why you need to be very restrictive in the free hosting world if the signup is just out in the open.

Ex, worried about spam being used in say, PHP on the hosting, disable the mail(); function in PHP. Make spamming not possible. Worried of PHP proxies? Disable fsockopen(); in PHP.

Take measures to block people from doing this kind of thing in the first place, its quite common in free hosting and its hard to figure out whats abuse and whats not.

gryffin · 01-03-2007, 06:23 AM

block almost anything, run scripts to delete image galleries/mass image uploads and limit the file size and type. This will end you up with pretty clean accounts, with the only problem being phishing

benoitb · 01-03-2007, 07:39 AM

Turn off safemode aswell.

*ZendURL* · 01-03-2007, 12:07 PM

If you would be interested in purchasing a content firewall (it blocks sites with certain words/content) then please PM me and I could help you out.

Otherwise safe_mode and open_basedir are my two biggest recommendations.

zmreaper · 01-04-2007, 09:10 PM

One thing I noticed, as I run a free hosting site, is I have had a few people get them for botnet purposes.

jcink · 01-05-2007, 02:20 AM

Possibly you have fsockopen on in PHP then or a way to use sockets in one of the languages on your host. An irc bot can be built in PHP and so someone could use fsockopen to sign the server into an irc room and use it that way, I believe. I've seen it done before.

My3Host · 01-05-2007, 03:56 AM

Disabling fsockopen will disable phproxy from being executed.

zmreaper · 01-05-2007, 08:28 AM

Yeah, Anyother ways to get around it? Its just annoying, because I do alot of advertising through IRC. And continously see people using IRC web-based bots.

jcink · 01-05-2007, 01:36 PM

You guys honestly want to leave PHProxy available to upload?

Uh...

You really should just disable fsockopen and not care about PHProxies, they are nothing but trouble. They take a lot of CPU load, and bandwidth, and plus, some people use the server to visit bad sites with it or harass others... leaving your tracks all over it. Not good.

People can also write spam/DoS scripts, and launch them using your server. It's not hard to write a flooder script in fsockopen.

Seriously consider shutting it down.