Date: Thu, 16 Feb 2006 10:08:23 +0800 From: Daniel <jahilliya@gmail.com> To: Greg Barniskis <nalists@scls.lib.wi.us> Cc: freebsd-questions@freebsd.org Subject: Re: how to tell what ran what Message-ID: <ba5e78ea0602151808x1c6a719epbfbe5706a6fabd3@mail.gmail.com> In-Reply-To: <43F3CBF8.2070703@scls.lib.wi.us> References: <005701c63241$dbb3e220$6601a8c0@bnetmd.net> <43F3531E.8080205@cs.tu-berlin.de> <002601c6326e$da0fd5a0$6601a8c0@bnetmd.net> <46981.4.17.250.5.1140036274.squirrel@webmail.psys.org> <002d01c63274$639f0980$6601a8c0@bnetmd.net> <43F3CBF8.2070703@scls.lib.wi.us>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2/16/06, Greg Barniskis <nalists@scls.lib.wi.us> wrote: > Glenn McCalley wrote: > > > Thanks Brian, that's already tonights project to run through those logs= and > > see if anything jumps out there. What I think he might be doing is eit= her > > POSTing the parameters (which won't show up) or he's loaded a file of e= mail > > addresses and just triggers the mailer with a simple cgi request. Eith= er > > way he's got to be calling sendmail or mail to get it out the door I > > believe. > > Actually, they can use a number of other ways to create the outbound > SMTP connections. Perl, for instance, offers the Net::SMTP module > (and numerous others that'd do the trick). They don't need to call > on binaries outside of their own cgi-bin or leave any tracks for you > other than a web access log entry. > > You might consider putting your customers in jails with unique IP > numbers as a way to better strain out whose CGI is the source of > what packets on your network. Probably not a trivial change to your > working environment, but maybe worth it in the long run. > You might want to consider setting up named virtualhosts with suexec so each host runs as it's own user.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ba5e78ea0602151808x1c6a719epbfbe5706a6fabd3>