Glenn McCalley wrote:
Glenn McCalley schrieb:
Is there a way to find out -which- -process- calls another process?
Each process is associated with a parent; look at the ppid column:
ps axo user,pid,ppid,command
Björn
Thanks, I stated the question poorly. My fault.
Is historical info available and is it available by file name?
I trying to find out (for example) what (unknown) program ran another
(known) program between 0900 and 1000 yesterday - something like that.
I've got a customer sending our emails that he shouldn't - I don't know
which customer it is. The program that sends the mail is running as a
cgi
so it all shows up as user "nobody".
If I can get a list of what programs, path and file name, called
sendmail
over (say) the last 24 hours, one of them should jump off the page with
an
unreasonable level of activitiy.
The web server logs don't tell you anything in the URL data? A CGI script
usually has some parameters which might provide some assistance.
brian
--
Brian Sobolak
http://www.planetshwoop.com/
Thanks Brian, that's already tonights project to run through those logs and
see if anything jumps out there. What I think he might be doing is either
POSTing the parameters (which won't show up) or he's loaded a file of email
addresses and just triggers the mailer with a simple cgi request. Either
way he's got to be calling sendmail or mail to get it out the door I
believe.
Thanks!
Glenn.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Another option would be to search CGI directories and grep files for
'sendmail'.. if the CGI script calls sendmail externally and it's written in any
non-compiled binary (usually are) - you should be able to grep 'sendmail' * in
each cgi-enabled dir and find the cuplrit.
I've had this happen quite often with my hosting customers, where they put up a
simple Perl script that pipe's it's output to sendmail, and abusers (not
customers), and someone embeds an email in the 'comments' field or similar by
adding header fields. There are of course numerous ways to get around this.
I find human-readable images are amongst the best way and are very easily
implemented (took me a whole 20mins to write the code to do it generically
accross all system for all hosting customers). (ie:
http://www.wmptl.com/cgi-bin/contact.pl) - other ways include stripping colons
from all fields returned via forms, etc.
Just bear in mind, it may be a customer's script causing spam/etc... but may not
be their intention nor fault either. You'll always do better to approach them
with a solution than a complaint.
--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
