Re: Help with cgi script attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 3/17/06, Knute Johnson <knute@xxxxxxxxxxx> wrote:
I need some help finding the correct place to go to get specific
help. We have a script that uses sendmail to send form data to the
site owner. Last night somebody managed to use it to send thousands
of spam emails.  I need to find the right place to ask about the
script to determine exactly how the attack was accomplished so we can
fix the script.  Any direction would be greatly appreciated.

Thanks,



--
Knute Johnson
Molon Labe...



--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Hi Knute Johnson!
 
This may be a place to get some background:
 
http://www-src.lip6.fr/homepages/Fabrice.Legond-Aubry/www.ouah.org/cgi-exploitation.txt
 
And then look at the issue from a security standpoint:
 
http://www.w3.org/Security/Faq/wwwsf4.html
 
Some other places of interest:
 
http://www.cert.org/
 
http://www.sans.org/rr/whitepapers/securecode/  (note last entry)
 
From what I am reading hear, CGI tends to have many vulnerabilities.  Deploy with extreme care only!!
 
God Give Us Strength Please!
 
Tod
 

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux