In general, chat scripts are huge targets for malicious activity. My chat plugin, Simple Ajax Chat, is no exception, and includes strong security measures to protect against attack.
Even with the strong security in place, it’s possible to take it a step further and really lock things down by “whitelisting” the files included with Simple Ajax Chat. Doing so ensures that only legit requests for existing files will be met with 200 success, while 404s and other bad requests are quietly blocked.
To implement the whitelist for SAC, add the following slice of .htaccess to the root .htaccess file of your website:
Allow from all
Note that Apache 2.x or better is required for this to work. If in doubt, ask your host.
Make sure to test thoroughly on your site before going live with this security technique.
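An added sketch of this kind of file whitelist using mod_rewrite, for the root .htaccess file. It is not the plugin author's snippet; `/PLUGIN-DIR/` and the three file names are placeholders (assumptions) to replace with the plugin's real location and the files it actually serves.

```apache
# Added example: file whitelist for one plugin directory.
# /PLUGIN-DIR/ and the file names below are placeholders, not real plugin paths.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Apply only to requests that fall inside the plugin directory.
    RewriteCond %{REQUEST_URI} ^/PLUGIN-DIR/

    # Skip the block when the request is exactly one of the whitelisted files.
    # The match is anchored at both ends and case-sensitive on purpose, so
    # look-alike paths and extra path segments do not pass.
    RewriteCond %{REQUEST_URI} !^/PLUGIN-DIR/(example-endpoint\.php|resources/example\.js|resources/example\.css)$

    # Everything else under the plugin directory gets 403 Forbidden.
    RewriteRule ^ - [F]
</IfModule>
```

To test, request each whitelisted file and confirm a 200 response, then request a non-existent or unlisted path under the same directory and confirm it returns 403.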