Glenn McCalley wrote:

Glenn McCalley schrieb:


Is there a way to find out -which- -process- calls another process?

Each process is associated with a parent; look at the ppid column:

  ps axo user,pid,ppid,command

Björn



Thanks, I stated the question poorly.  My fault.
Is historical info available and is it available by file name?

I trying to find out (for example) what (unknown) program ran another
(known) program between 0900 and 1000 yesterday - something like that.

I've got a customer sending our emails that he shouldn't - I don't know
which customer it is.  The program that sends the mail is running as a

cgi

so it all shows up as user "nobody".

If I can get a list of what programs, path and file name, called

sendmail

over (say) the last 24 hours, one of them should jump off the page with

an

unreasonable level of activitiy.


The web server logs don't tell you anything in the URL data?  A CGI script
usually has some parameters which might provide some assistance.

brian


--
Brian Sobolak
http://www.planetshwoop.com/



Thanks Brian, that's already tonights project to run through those logs and
see if anything jumps out there.  What I think he might be doing is either
POSTing the parameters (which won't show up) or he's loaded a file of email
addresses and just triggers the mailer with a simple cgi request.  Either
way he's got to be calling sendmail or mail to get it out the door I
believe.
Thanks!
Glenn.


_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Another option would be to search CGI directories and grep files for 'sendmail'.. if the CGI script calls sendmail externally and it's written in any non-compiled binary (usually are) - you should be able to grep 'sendmail' * in each cgi-enabled dir and find the cuplrit.

I've had this happen quite often with my hosting customers, where they put up a simple Perl script that pipe's it's output to sendmail, and abusers (not customers), and someone embeds an email in the 'comments' field or similar by adding header fields. There are of course numerous ways to get around this.

I find human-readable images are amongst the best way and are very easily implemented (took me a whole 20mins to write the code to do it generically accross all system for all hosting customers). (ie: http://www.wmptl.com/cgi-bin/contact.pl) - other ways include stripping colons from all fields returned via forms, etc.

Just bear in mind, it may be a customer's script causing spam/etc... but may not be their intention nor fault either. You'll always do better to approach them with a solution than a complaint.



--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to