Date:      Wed, 15 Feb 2006 18:48:56 -0600
From:      Greg Barniskis <nalists@scls.lib.wi.us>
To:        Glenn McCalley <techlist@bnetmd.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: how to tell what ran what
Message-ID:  <43F3CBF8.2070703@scls.lib.wi.us>
In-Reply-To: <002d01c63274$639f0980$6601a8c0@bnetmd.net>
References:  <005701c63241$dbb3e220$6601a8c0@bnetmd.net>	<43F3531E.8080205@cs.tu-berlin.de>	<002601c6326e$da0fd5a0$6601a8c0@bnetmd.net>	<46981.4.17.250.5.1140036274.squirrel@webmail.psys.org> <002d01c63274$639f0980$6601a8c0@bnetmd.net>

Glenn McCalley wrote:

> Thanks Brian, that's already tonight's project to run through those logs and
> see if anything jumps out there.  What I think he might be doing is either
> POSTing the parameters (which won't show up) or he's loaded a file of email
> addresses and just triggers the mailer with a simple cgi request.  Either
> way he's got to be calling sendmail or mail to get it out the door I
> believe.

Actually, they can use a number of other ways to create the outbound 
SMTP connections. Perl, for instance, offers the Net::SMTP module 
(and numerous others that'd do the trick). They don't need to call 
on binaries outside of their own cgi-bin or leave any tracks for you 
other than a web access log entry.

You might consider putting your customers in jails with unique IP 
numbers as a way to better strain out whose CGI is the source of 
what packets on your network. Probably not a trivial change to your 
working environment, but maybe worth it in the long run.

-- 
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
<gregb at scls.lib.wi.us>, (608) 266-6348
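
An added example, not part of the original message: one way to spot CGI processes that open their own SMTP connections instead of calling sendmail, and to attribute them by jail IP. It parses `sockstat -4 -c` output; the jail map, the MTA command list, and every address, PID and customer name are constructed assumptions.

```sh
#!/bin/sh
# Added example. Input is `sockstat -4 -c` output (connected IPv4 sockets).
# All addresses, PIDs and customer names here are constructed.

# Hypothetical map of jail IP to customer, one unique IP per jail.
JAIL_MAP="192.0.2.11=customer-a,192.0.2.12=customer-b"
# Commands expected to speak SMTP outbound (assumption: sendmail is the MTA).
MTA_CMDS="sendmail"

# Constructed snapshot standing in for live sockstat output.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   612   4  tcp4   192.0.2.10:49201      198.51.100.25:25
www      perl       4312  3  tcp4   192.0.2.11:51514      198.51.100.25:25
www      httpd      4100  12 tcp4   192.0.2.12:80         203.0.113.7:40222
www      perl       4490  3  tcp4   192.0.2.13:51877      198.51.100.40:25
EOF
}

# Print one line per non-MTA process holding a connection to remote port 25,
# prefixed with the customer whose jail IP is the local address.
flag_direct_smtp() {
    awk -v map="$JAIL_MAP" -v mta="$MTA_CMDS" '
    BEGIN {
        n = split(map, pairs, ",")
        for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); owner[kv[1]] = kv[2] }
        n = split(mta, cmds, ",")
        for (i = 1; i <= n; i++) allowed[cmds[i]] = 1
    }
    $1 == "USER" || NF < 7 || $5 !~ /^tcp/ { next }   # header, short or non-TCP rows
    {
        lip = $6;   sub(/:[^:]*$/, "", lip)     # local address without the port
        fport = $7; sub(/^.*:/, "", fport)      # remote port only
        if (fport != "25" || ($2 in allowed)) next
        who = (lip in owner) ? owner[lip] : "unmapped"
        printf "%s user=%s cmd=%s pid=%s local=%s remote=%s\n", who, $1, $2, $3, lip, $7
    }'
}

sample_sockstat | flag_direct_smtp
```

On a live host, pipe `sockstat -4 -c` into `flag_direct_smtp` instead of the sample. A snapshot only shows connections open at that moment, so short-lived deliveries need repeated sampling.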
