From: Daniel
To: Greg Barniskis
Cc: freebsd-questions@freebsd.org
Date: Thu, 16 Feb 2006 10:08:23 +0800
Subject: Re: how to tell what ran what

On 2/16/06, Greg Barniskis wrote:
> Glenn McCalley wrote:
>
> > Thanks Brian, that's already tonight's project to run through those logs and
> > see if anything jumps out there. What I think he might be doing is either
> > POSTing the parameters (which won't show up) or he's loaded a file of email
> > addresses and just triggers the mailer with a simple cgi request. Either
> > way he's got to be calling sendmail or mail to get it out the door I
> > believe.
>
> Actually, they can use a number of other ways to create the outbound
> SMTP connections. Perl, for instance, offers the Net::SMTP module
> (and numerous others that'd do the trick). They don't need to call
> on binaries outside of their own cgi-bin or leave any tracks for you
> other than a web access log entry.
>
> You might consider putting your customers in jails with unique IP
> numbers as a way to better strain out whose CGI is the source of
> what packets on your network. Probably not a trivial change to your
> working environment, but maybe worth it in the long run.
>

You might want to consider setting up named virtualhosts with suexec so each host runs as its own user.
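
The suexec suggestion in the reply above, sketched as an added example that is not part of the original thread. It assumes Apache 2.0/2.2 with mod_suexec; the hostnames, account names and paths are hypothetical.

```apache
# Added example: name-based virtual hosts whose CGI runs under a
# per-customer account via suexec. All names and paths are hypothetical.
NameVirtualHost *:80

<VirtualHost *:80>
    ServerName   www.customer-a.example
    DocumentRoot /usr/local/www/vhosts/customer-a/htdocs

    # CGI requests for this host are executed through the suexec wrapper
    # as custa:custa instead of the shared web server account.
    SuexecUserGroup custa custa
    ScriptAlias /cgi-bin/ /usr/local/www/vhosts/customer-a/cgi-bin/

    # A separate access log per host keeps request records per customer.
    CustomLog /var/log/httpd/customer-a-access.log combined
</VirtualHost>

<VirtualHost *:80>
    ServerName   www.customer-b.example
    DocumentRoot /usr/local/www/vhosts/customer-b/htdocs

    SuexecUserGroup custb custb
    ScriptAlias /cgi-bin/ /usr/local/www/vhosts/customer-b/cgi-bin/

    CustomLog /var/log/httpd/customer-b-access.log combined
</VirtualHost>

# suexec refuses to run a script unless the script and its directory are
# owned by the configured user and group, are not writable by anyone else,
# and sit under the document root suexec was compiled with.
```

With this in place, a CGI process that opens its own SMTP connection (for example through Net::SMTP) shows up in process and socket listings under the customer's uid rather than the shared web server user, and the suexec log records the uid, gid and script name for each invocation.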