
World: r3wp

[CGI] web server issues

Volker
5-Dec-2005
[413]
Hmm, good question. May be hard.
Pekr
5-Dec-2005
[414x2]
Graham - my server is far from popular. I think no-one will do Volker's 
like trick. But you might be right, if we teach ppl to simply put 
rebol into cgi-bin dir, and then such "vulnerability" is found, ISPs 
might hate it ....
renaming executable might work ... sufficiently enough imo ...
Volker
5-Dec-2005
[416]
I see no reason why not to put it somewhere else, outside of web-folders.
Graham
5-Dec-2005
[417]
Hosts won't normally put rebol into their own cgi-bin
Pekr
5-Dec-2005
[418]
Graham - because then user can't do it, ISP has to  ...
Graham
5-Dec-2005
[419]
Volker, often hosts will not allow exes outside cgi-bin
Volker
5-Dec-2005
[420]
Usually you can put it in homedir or such.
Graham
5-Dec-2005
[421]
so, even if you put outside the webfolders, you can't then execute 
it
Pekr
5-Dec-2005
[422]
Volker: but usually you don't get console access, only ftp to copy 
your web to ...
Volker
5-Dec-2005
[423x2]
Hmm, that is bad. thought exes outside would be ok. talk to host?
I did that for micha and it worked. thought that is common.
Pekr
5-Dec-2005
[425]
advantage of having rebol in cgi-bin is, that you can update it yourself, 
not asking your ISP to update it for you each time new version is 
out :-)
Volker
5-Dec-2005
[426x2]
can you have subdirs with cgi-scripts? so that you can call http://cgi-bin/project1/script.cgi
?
then maybe you can restrict access to that folder by .htaccess.
Pekr
5-Dec-2005
[428]
well, as for my server, I can install rebol regularly. We just were 
thinking loud here with Graham, if that is good approach or not to 
have it in cgi-bin, so simply you could run your rebol scripts without 
ISP to even know you are using rebol :-)
Volker
5-Dec-2005
[429x4]
Graham's obfuscation-trick should work too, as long as nobody on the 
same server tries to break in.
I would ask isp to allow exes in another folder. don't know how he 
would react though.
btw, ct mentioned virtual server for e4.99. Don't know about quality, 
and i see german, do you see english? http://www.netfabrik.de/
cgi - maybe an extra exe which only runs as cgi?
Sunanda
5-Dec-2005
[433]
REBOL does not have to be in the cgi-bin folder.

If it is elsewhere, have a shebang in the first line of each script 
to point to where the executable is.
(apologies if I'm missing the point of the discussion here)
Volker
5-Dec-2005
[434]
Seems some hosts disable exes outside of cgi-bin
Sunanda
5-Dec-2005
[435]
That would be a problem :-)
Graham
5-Dec-2005
[436]
my host does that .. I'm only allowed exes in the cgi-local directory
Volker
5-Dec-2005
[437]
Did you test subdir?
Graham
5-Dec-2005
[438]
and since my cgi-local is a mapped directory, I can't create subdirectories
Volker
5-Dec-2005
[439x3]
Sad. and no linux-sdk?
ah! you should be able to trap things in %user.r .
if you can write there.
Graham
12-Dec-2005
[442x5]
This is an odd one.  I have a form that records a user's email address, 
the time they filled in the form, and their ip address.

A user did so, and got two subscription notices - timed 30 seconds 
or so apart.  So, both were his email address, but the ip address 
of the later one was from Google!
My deduction is that somehow google is tracking his movements, and 
submitted the form themselves to get the content ...
I guess I should download the web logs to see what actually happened.
Yep, that was it.  Mediapartners-Google/2.1 submitted the form again. 
It looks like if you have the Google search bar, it submits all 
your internet traffic to google, who then go and try and index that 
site - including submitting your email address to a form!!
An older link .. beware of the Google search bar : http://www.sidhe.org/~dan/blog/archives/000267.html
Sunanda
12-Dec-2005
[447]
That's exactly what Google does.

It has some sites indexed purely because the developer visited the 
site while using a browser that had the Google toolbar active. Otherwise, 
the site would have remained invisible.


Of course that doesn't excuse the developer from putting up a private 
or incomplete site without password or other protection. There are 
other ways for private URLs to slip into public consciousness. The 
Google toolbar is simply the most widespread.
Gabriele
12-Dec-2005
[448]
Graham: was that a GET or a POST form? It makes sense for them to 
record urls with parameters, but it would be disturbing if they were 
recording POST contents.
Anton
12-Dec-2005
[449]
Graham, that's very interesting. Good to get an update on how clever 
searchbots are getting.
DideC
12-Dec-2005
[450x2]
Good to know !!

Looking at some log on a server I have to administrate, I'm afraid 
to see many requests trying to find some /ebay, /lassalebank, /admin, 
/phpmyadmin pages on the site.
Internet looks more and more like a jungle.
Then, now I think of putting "robots.txt" file, I just think that 
some hackers can use it to exactly do the opposite of what it's supposed 
to do. They probably have made some bots that just pick all pages 
marked as 'disallow in it. If you don't know the name of the pages, 
it's a good place to find some !!
Graham
12-Dec-2005
[452]
Gabriele, it was supposed to be a POST form, but looking now at the 
source, I see I typed "type=post" instead of "method=post", so it 
turned out to be GET.
Volker
6-Jan-2006
[453]
(actually html-question)
how do i set the color for <pre>-tags with css?
Sunanda
6-Jan-2006
[454]
pre {color: blue}
Volker
6-Jan-2006
[455]
thanks
Sunanda
6-Jan-2006
[456]
Or, if you meant the background rather than font color:
pre {background-color: yellow}
Volker
6-Jan-2006
[457]
No, hmm, maybe both :)
Oldes
1-Mar-2006
[458]
what if I have Rebol cgi script in folder /cgi-bin/ and want to write 
to folder /public/ which is out of the sandbox. How to do it?
Volker
1-Mar-2006
[459x2]
#!/rebol -s
#!/rebol -sc 

of course. the -s switches sandbox off. i then usually do a secure 
to my own folder first in the cgi.
Thør
4-Apr-2006
[461]
.
Louis
8-May-2006
[462]
I am running XP on my local computer. Our web host's server is running 
Red Hat Linux.


Which version of core should I use on the host server to run the 
cgi scripts?


If I download the proper Linux core interpreter to my  XP computer, 
and uncompress it using WinZip, will it be corrupted by XP?  How 
do I get a clean version of core to the Linux server?