how to tell what ran what

Greg Barniskis nalists at
Wed Feb 15 16:49:00 PST 2006

Glenn McCalley wrote:

> Thanks Brian, that's already tonights project to run through those logs and
> see if anything jumps out there.  What I think he might be doing is either
> POSTing the parameters (which won't show up) or he's loaded a file of email
> addresses and just triggers the mailer with a simple cgi request.  Either
> way he's got to be calling sendmail or mail to get it out the door I
> believe.

Actually, they can use a number of other ways to create the outbound 
SMTP connections. Perl, for instance, offers the Net::SMTP module 
(and numerous others that'd do the trick). They don't need to call 
on binaries outside of their own cgi-bin or leave any tracks for you 
other than a web access log entry.

You might consider putting your customers in jails with unique IP 
numbers as a way to better strain out whose CGI is the source of 
what packets on your network. Probably not a trivial change to your 
working environment, but maybe worth it in the long run.

Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
<gregb at>, (608) 266-6348

More information about the freebsd-questions mailing list