how to tell what ran what
Daniel
jahilliya at gmail.com
Wed Feb 15 18:08:27 PST 2006
On 2/16/06, Greg Barniskis <nalists at scls.lib.wi.us> wrote:
> Glenn McCalley wrote:
>
> > Thanks Brian, that's already tonights project to run through those logs and
> > see if anything jumps out there. What I think he might be doing is either
> > POSTing the parameters (which won't show up) or he's loaded a file of email
> > addresses and just triggers the mailer with a simple cgi request. Either
> > way he's got to be calling sendmail or mail to get it out the door I
> > believe.
>
> Actually, they can use a number of other ways to create the outbound
> SMTP connections. Perl, for instance, offers the Net::SMTP module
> (and numerous others that'd do the trick). They don't need to call
> on binaries outside of their own cgi-bin or leave any tracks for you
> other than a web access log entry.
>
> You might consider putting your customers in jails with unique IP
> numbers as a way to better strain out whose CGI is the source of
> what packets on your network. Probably not a trivial change to your
> working environment, but maybe worth it in the long run.
>
You might want to consider setting up named virtualhosts with suexec
so each host runs as it's own user.
More information about the freebsd-questions
mailing list