Forwarded from a hosting forum:
PHP and Apache have a history of not being able to track which user is
sending mail through the PHP mail() function: everything goes out as the
nobody user, so leaky formmail scripts and malicious users can spam from your
server without you knowing who or where it came from.
Watching your exim_mainlog doesn't exactly help: you see the email going out,
but you can't tell which user or script is sending it. This is a quick and
dirty way to get around the nobody spam problem on your Linux server.
If you check your php.ini you'll notice that the mail program is set to
/usr/sbin/sendmail, and 99.99% of PHP scripts just use the built-in mail()
function, so everything goes through /usr/sbin/sendmail =)
Requirements:
We assume you're using Apache 1.3.x, PHP 4.3.x and Exim. This may work on
other systems, but we've only tested it on a cPanel/WHM Red Hat Enterprise
system.
Time:
10 Minutes, Root access required.
Step 1)
Login to your server and su - to root.
Step 2)
Turn off Exim while we do this so it doesn't freak out.
/etc/init.d/exim stop
Step 3)
Back up your original /usr/sbin/sendmail. On systems using the Exim MTA, the
sendmail file is basically just a pointer to Exim itself.
mv /usr/sbin/sendmail /usr/sbin/sendmail.hidden
Step 4)
Create the spam monitoring script for the new sendmail.
pico /usr/sbin/sendmail
Paste in the following:
#!/usr/local/bin/perl
# Wrapper for /usr/sbin/sendmail: log who called it, then hand the message
# to the real Exim sendmail binary (moved aside to sendmail.hidden).
use strict;
use warnings;
use Cwd qw(getcwd);

my $date = `date`;
chomp $date;

open(my $info, '>>', '/var/log/spam_log')
    or die "Failed to open file ::$!";

# Effective UID of the caller (normally the web server user, e.g. nobody).
my $uid  = $>;
my @info = getpwuid($uid);

if ($ENV{REMOTE_ADDR}) {
    # CGI environment present: record client IP, script name and vhost.
    print $info "$date - $ENV{REMOTE_ADDR} ran $ENV{SCRIPT_NAME} at $ENV{SERVER_NAME}\n";
}
else {
    # No CGI environment (e.g. mod_php): the working directory identifies
    # the script that called mail(). getcwd() works even when PWD is unset.
    my $dir = getcwd();
    print $info "$date - $dir - @info\n";
}
close($info);

my $mailprog = '/usr/sbin/sendmail.hidden';
# List-form open passes the original arguments straight to the real sendmail
# without a shell, so nothing in @ARGV can be interpreted as shell syntax.
open(my $mail, '|-', $mailprog, @ARGV)
    or die "cannot open $mailprog: $!\n";
while (<STDIN>) {
    print $mail $_;
}
close($mail);
# Propagate the real sendmail's exit status back to the caller.
exit($? >> 8);
Step 5)
Make the new sendmail executable.
chmod +x /usr/sbin/sendmail
Step 6)
Create a new log file to keep a history of all mail going out of the server
from web scripts.
touch /var/log/spam_log
chmod 0777 /var/log/spam_log
Step 7)
Start Exim up again.
/etc/init.d/exim start
Step 8)
Monitor your spam_log file for spam: try any formmail or script that uses a
mail function (a message board, a contact script) and watch the entry appear.
tail -f /var/log/spam_log
Sample Log Output
Mon Apr 11 07:12:21 EDT 2005 - /home/username/public_html/directory/subdirectory - nobody x 99 99 Nobody / /sbin/nologin
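Once the wrapper is in place, the question from Step 8 becomes "which directory or account is responsible for most of the outgoing mail?". The following shell helpers are an added example, not part of the original post: they tally spam_log entries per source (the script directory, or the client IP when the CGI-style line was written) and per hosting account derived from a /home/<account>/ path. The log lines are constructed in the two formats the wrapper writes; the account names, paths and the 203.0.113.5 address are made up.

```shell
#!/bin/sh
# Added example: triage helpers for the spam_log written by the sendmail wrapper.

# make_sample_log: write constructed spam_log lines to a temp file, print its path.
# Two shapes appear: "DATE - DIR - PWENT" (no CGI env, e.g. mod_php) and
# "DATE - IP ran SCRIPT at HOST" (CGI env present).
make_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Mon Apr 11 07:12:21 EDT 2005 - /home/alice/public_html/contact - nobody x 99 99 Nobody / /sbin/nologin
Mon Apr 11 07:12:25 EDT 2005 - /home/bob/public_html/board - nobody x 99 99 Nobody / /sbin/nologin
Mon Apr 11 07:13:01 EDT 2005 - /home/bob/public_html/board - nobody x 99 99 Nobody / /sbin/nologin
Mon Apr 11 07:13:02 EDT 2005 - /home/bob/public_html/board - nobody x 99 99 Nobody / /sbin/nologin
Mon Apr 11 07:14:10 EDT 2005 - 203.0.113.5 ran /formmail.php at www.example.com
EOF
    echo "$f"
}

# sends_by_source LOGFILE: print "COUNT SOURCE" lines, busiest source first.
# The source is field 2 when splitting on " - "; for the CGI shape the
# "ran ... at ..." tail is stripped so the client IP alone is the key.
sends_by_source() {
    awk -F' - ' '
        {
            src = $2
            sub(/ ran .*$/, "", src)
            count[src]++
        }
        END { for (s in count) printf "%d %s\n", count[s], s }
    ' "$1" | sort -rn
}

# sends_by_account LOGFILE: like sends_by_source, but collapse any
# /home/<account>/... path to the account name so one customer with several
# scripts still shows up as one line.
sends_by_account() {
    awk -F' - ' '
        {
            src = $2
            sub(/ ran .*$/, "", src)
            if (match(src, /^\/home\/[^\/]+\//))
                src = substr(src, 7, RLENGTH - 7)
            count[src]++
        }
        END { for (s in count) printf "%d %s\n", count[s], s }
    ' "$1" | sort -rn
}

# top_sender LOGFILE: the single source with the most sends.
top_sender() {
    sends_by_source "$1" | head -n 1 | cut -d' ' -f2-
}

# flag_over LOGFILE THRESHOLD: sources that sent more than THRESHOLD messages,
# one per line, for feeding into a notification or a suspension check.
flag_over() {
    sends_by_source "$1" | awk -v t="$2" '$1 > t { $1 = ""; sub(/^ /, ""); print }'
}

# Stand-alone demo on the constructed log.
demo_log=$(make_sample_log)
echo "--- sends by source ---"
sends_by_source "$demo_log"
echo "--- sends by account ---"
sends_by_account "$demo_log"
echo "--- top sender: $(top_sender "$demo_log")"
echo "--- over threshold 2 ---"
flag_over "$demo_log" 2
rm -f "$demo_log"
```

Against a real server, point the functions at /var/log/spam_log and run them from cron; a source that jumps from a handful of sends per day to hundreds is the formmail script or compromised account the original log line alone does not name.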
Log Rotation Details
Your spam_log isn't set up to be rotated, so it may get very large quickly.
Keep an eye on it and consider adding it to your logrotate configuration.
pico /etc/logrotate.conf
FIND:
# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
ADD BELOW:
# SPAM LOG rotation
/var/log/spam_log {
monthly
create 0777 root root
rotate 1
}
Notes:
You may also want to chattr +i /usr/sbin/sendmail so it doesn't get
overwritten.
Enjoy knowing you can see nobody is actually somebody =)
Thanks to MattF and others who worked on this.
--
Bonie Mania The Land Of Joy And Happiness
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Balikpapan Information, Communication & Technology Community" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/balikpapan-ict?hl=en-GB
-~----------~----~----~----~------~----~------~--~---