How should I secure my cronjobs from being visited by search engines/visitors that write the correct URL in the headline?
I have a cronjob, that is running every night, which transfers information to MailChimp, but if a user enters the URL correctly, he can make the cronjob run at anytime. How can I avoid this? :)
Hope you have some ideas.
Thanks in advance.
the files should be outside the web root, there's no need for them to be inside if they are only being called by cron. hope you are calling the file path and not the url?
Try for example:
1 0 * * * /usr/bin/php /home/denlau/cron.php
I hope that is helpful.
I think the simplest solution (without changing the architecture of your application) would be putting the URL which runs this cron job under authentication. May be HTTP/S basic auth to start with. This will give you some protection.
But in longer terms, having a cron running on a URL hit seems like a bad idea to me. If possible, you should rethink about the architecture.