how to tell what ran what
Greg Barniskis
nalists at scls.lib.wi.us
Wed Feb 15 16:49:00 PST 2006
Glenn McCalley wrote:
> Thanks Brian, that's already tonights project to run through those logs and
> see if anything jumps out there. What I think he might be doing is either
> POSTing the parameters (which won't show up) or he's loaded a file of email
> addresses and just triggers the mailer with a simple cgi request. Either
> way he's got to be calling sendmail or mail to get it out the door I
> believe.
Actually, they can use a number of other ways to create the outbound
SMTP connections. Perl, for instance, offers the Net::SMTP module
(and numerous others that'd do the trick). They don't need to call
on binaries outside of their own cgi-bin or leave any tracks for you
other than a web access log entry.
You might consider putting your customers in jails with unique IP
numbers as a way to better strain out whose CGI is the source of
what packets on your network. Probably not a trivial change to your
working environment, but maybe worth it in the long run.
--
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
<gregb at scls.lib.wi.us>, (608) 266-6348
More information about the freebsd-questions
mailing list