[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apache: what site is sending email from www-data

Citát jack <lists@qnorth.net>:

> You have say, 50 websites running on your webserver (mostly PHP, some
> cgi). You start to notice your webserver is sending out HUGE amount of
> email (which is spam). Looking at any of the messages in the mail queue,
> you notice all the messages are coming from www-data@host.mydomain.tld,
> so I know they are coming from apache, but what site is it coming from!?!

There was a similar thread a month ago, where someone posted little python
script which adds X-Domain header to emails sent from PHP, so that you know
from what virtualhost they are. I have written that I'm going to modify it to
support limits. Now I have it running for few weeks on our 2 servers (more than
400 domains).

You will find it here - http://www.marki-online.net/php-secure-sendmail/

Question for all: how to securely specify password to mysql in scripts as these?
It is python script executed by apache, so apache must have read permissions on
it - and so every customer can possibly view it and see database password.

In this version I do it so that password is not in the script itself, but in
another file where is defined function which returns the password. This second
file is compiled into binary (.pyc) so that it is not so easy to see the
password. This file is included (from thisFile import *) in the script. Both
script and this file are in directory where apache has only execute permissions
(so that user can't browse for files). Of course it won't stop anyone who knows
python, but at least script-kiddies...

  bYE, Marki

This message was sent using IMP, the Internet Messaging Program.

Reply to: