On 2006/03/18, at 15:36, Knute Johnson wrote:
I need some help finding the correct place to go to get specific
help. We have a script that uses sendmail to send form data to the
site owner. Last night somebody managed to use it to send thousands
of spam emails. I need to find the right place to ask about the
script to determine exactly how the attack was accomplished so we can
fix the script. Any direction would be greatly appreciated.
Well, the first question is, did you write the script yourself or is
it one you picked up somewhere. If someone else wrote it, perhaps
they have a mailing list or a contact address or a wiki or even a FAQ.
The next question is what language is it written in. Various
newsgroups and mailing lists exist for various languages, and you may
be able to find a ng or ml that focuses on networking or cgi in that
language, which would be even better than a general list or group for
the language.
After that, there are ngs and mls that focus on cgi and security.
Beyond that, it's a matter of analyzing the source, and whoever in
your organization is responsible for the program is the one to start
looking for possible ways in.
Your favorite internet search engine can probably help you find such
groups. Also, you may be able to find relevant information on wikipedia.
That's probably not what you wanted to hear, but without more
information, all we can do is guess. Guessing is as likely to send
you on wild goose chases as in the right direction.
