how to tell what ran what
jahilliya at gmail.com
Wed Feb 15 18:08:27 PST 2006
On 2/16/06, Greg Barniskis <nalists at scls.lib.wi.us> wrote:
> Glenn McCalley wrote:
> > Thanks Brian, that's already tonights project to run through those logs and
> > see if anything jumps out there. What I think he might be doing is either
> > POSTing the parameters (which won't show up) or he's loaded a file of email
> > addresses and just triggers the mailer with a simple cgi request. Either
> > way he's got to be calling sendmail or mail to get it out the door I
> > believe.
> Actually, they can use a number of other ways to create the outbound
> SMTP connections. Perl, for instance, offers the Net::SMTP module
> (and numerous others that'd do the trick). They don't need to call
> on binaries outside of their own cgi-bin or leave any tracks for you
> other than a web access log entry.
> You might consider putting your customers in jails with unique IP
> numbers as a way to better strain out whose CGI is the source of
> what packets on your network. Probably not a trivial change to your
> working environment, but maybe worth it in the long run.
You might want to consider setting up named virtualhosts with suexec
so each host runs as it's own user.
More information about the freebsd-questions