
Alison Gianotto:
Check User-Submitted URLs for Malware and Phishing in Your Application
Apr 07, 2014 @ 15:01:59

In her latest post Alison Gianotto looks at a few different ways that you can validate any URLs that your users might give you to ensure they're not anything malicious. She looks at two of the major services, the Google SafeBrowsing API and SURBLs, as well as mentioning a few others.

If you write software for the web that allows users to submit or share URLs (comment systems, mail clients, forums, URL shorteners, etc), you may find yourself in a position where you need to filter out malicious links. Fortunately, there are several free options for you to better protect your systems and your users against bad guys, and they’re pretty simple to implement. (My examples are in PHP, but could easily be adapted to whatever language you prefer.)

She starts with an example call to Google's SafeBrowsing service, making a curl request and parsing the result. The other service, SURBL, is queried through DNS lookups, and the post includes code examples for it. She also mentions Phishtank and VirusTotal as other options. She finishes the post with a few suggestions for working within the rate limits on these services, including only checking on click-through and ensuring failure is handled well.

tagged: malware phishing url validate google safebrowsing surbl tutorial

Link: http://www.snipe.net/2014/04/check-user-submitted-urls-for-malware-and-phishing-in-your-application

Tobias Schlitt's Blog:
Trackbacks on PEARWeb and PEAR Services_Trackback
Feb 15, 2006 @ 13:10:38

Tobias Schlitt has a new post today concerning the improvements that have been made to the PEAR::Services_Trackback package.

I finally found some time and improved the trackback handling on PEARWeb:

  • HTML entities in trackbacks are now decoded before using the bad-word-filter (and the list has been updated)
  • Only 3 trackbacks per 30 minutes will be accepted from a host from now.
  • If both of these criteria do not match, it uses DNSBL and SURBL mechanisms to check trackbacks additionally.

He comments on how it will work now with these improvements and the popularity that the package is garnering...

tagged: PEAR::Services_Trackback improvements bad word limit DNSBL SURBL

Link:
