Help with cgi script attack
John Summerfield
debian at herakles.homelinux.org
Sun Mar 19 12:25:15 UTC 2006
Knute Johnson wrote:
> I need some help finding the correct place to go to get specific
> help. We have a script that uses sendmail to send form data to the
> site owner. Last night somebody managed to use it to send thousands
> of spam emails. I need to find the right place to ask about the
> script to determine exactly how the attack was accomplished so we can
> fix the script. Any direction would be greatly appreciated.
>
> Thanks,
>
>
>
If you don't know the wcript being used, read the apache logs.
Especially, read what logwatch has to say. I read daily about attempts
to misuse my sites.
You could also use iptables to prevent outgoing email until you have
identified and fixed the problem. Any inconvenience to your users is
nothing compared with what happens when you're taken off the 'net.
More information about the fedora-list
mailing list