http://ask.metafilter.com/tags/nobody Questions tagged with 'nobody' at Ask MetaFilter. Tue, 13 Feb 2007 20:32:40 -0800 Tue, 13 Feb 2007 20:32:40 -0800 en-us http://blogs.law.harvard.edu/tech/rss 60 http://ask.metafilter.com/56968/What%2Dif What is the origin of the phrase: "what if they had ____ and nobody came?" tag:ask.metafilter.com,2007:site.56968 Tue, 13 Feb 2007 20:32:40 -0800 came nobody revolution Krrrlson http://ask.metafilter.com/37472/nobody%2Dspam How can I determine exactly from where or how a server's email queue is being filled with outgoing spam from user 'nobody'? Here's the basic set up:<br> Redhat 9.0<br> Apache 1.3.34<br> Exim 4.52<br> Cpanel - latest version<br> (note: I'm looking at about 1,500 of these set ups, so massive changes aren't going to be possible, including the use of phpsuexec.)<br> <br> So the deal is, a spam complaint comes in pegging a certain IP address as the culprit. I match it up with the actual server and find a mail queue with 60,000 outgoing messages, 59,995 of which are spam. The outgoing address is nobody@hostname.com (of course), since Apache runs as user nobody.<br> <br> Occassionally, I can match up the timestamp of an email to an Apache log entry, showing me that a certain "contact us" script, or something of the sort, is being exploited. At that point, the"fix" is easy. But more often than not, especially when the cPanel installation has about 250 accounts, trying to find THE insecure script responsible for the creation of thousands of outgoing emails is like looking for a needle in a hystack.<br> <br> Does anyone have any suggestions on how I can attack this problem more efficiently and productively? tag:ask.metafilter.com,2006:site.37472 Wed, 03 May 2006 06:54:05 -0800 apache cpanel email exim nobody redhat server spam Witty