peterr has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

As a CPanel user, I was disappointed to learn that one of the latest modifications includes running a Perl script from Exim to add some email headers, in an attempt to trace the source of spammers.

These new "X-Source" headers added are of the format:

X-Source:
X-Source-Args: /usr/local/apache/bin/httpd -DSSL
X-Source-Dir: /home/username/public_html

where 'username' is the "root/shell" username of the domain.

Whilst I support the idea/concept of doing more to trace the source of spamming (I send any spam to SpamCop, so I do support anti-spam measures), it should NEVER be at the expense of security.

Now we have domain login usernames being sent out in emails, not a very intelligent or security conscious modification, on the part of CPanel developers, to say the least. :(

So, .. what has all this to do with Perl ??

Apparently perl is used now to obtain this:

X-Source-Dir: /home/username/public_html

and for obvious security reasons, we would prefer it to be something like this:

X-Source-Dir: /home/"$pid"/public_html

I know the syntax is wrong, but you get my point, I hope. :)

How about using GUID or UID ?? This is on a Linux box. Surely, there must be some way that Perl can identify 'WHO' the spammer is (sourced from the same server), so that the sysadmin person can easily identify the domain on the server, or the 'username' on the server, but represent the username in another format, that only means something to someone with (sysadmin) root access.

Somehow, we need to protect the identity of the username (login username to a domain), yet still be able to find out the source of who is sending out spam on the server.

In summary, can Perl be used to trace the source of spamming, but at the same time, does not, in any way, compromise website security?

Peter

Re: Can the username be represented differently ?
by atcroft (Abbot) on Jun 28, 2004 at 05:22 UTC

    You may want to look at getpwnam(). Reading the documentation, it appears that if you call it in a scalar context giving it the username, you will get back the UID:

    $uid = getpwnam($name);
    Then you can replace as desired.

    As to using the PID (process ID) or GID (group ID), many systems only carry a PID up to a certain value, such as 65535, then wrap back around, so on a busy system you can wrap within a very short time. As to using the GID, this might point you only as far as a group the user was in, but not necessarily down to the particular user, which would not be as helpful should you be trying to track down one of your users accused of spamming.

    Hope that helps.

      Hi,

      Thanks for your reply. It's been a few months since I used Perl, the file is CHMOD to 744 like the other Perl files, I upload it in ASCII, yet keep getting the old "premature end of script headers" message. Do I need any modules to run this?

      #!/usr/bin/perl -wT
      $name = 'myusername';
      $uid = getpwnam($name);
      print "$uid: $uid";


      Peter

        744 translates to "rwxr--r--", but if you are running it as a CGI for testing you probably need it set as 755 ("rwxr-xr-x"). Also, in such a case, you likely want to include $|=1; after the #!/usr/bin/perl -wT line. You may also want to check the webserver error log to see if there is anything else occurring.

        Hope that helps.

Re: Can the username be represented differently ?
by tachyon (Chancellor) on Jun 28, 2004 at 05:28 UTC

    You could quite easily use UID/GUID (and in fact some anti spam headers do, the values live in $> and $< )

    [james@devel3 root]$ perl -e 'print $>,$/, $<, $/';
    506
    506
    [james@devel3 root]$ su root
    Password:
    [root@devel3 root]# perl -e 'print $>,$/, $<, $/';
    0
    0
    [root@devel3 root]#

    cheers

    tachyon

      Hi,

      I get a "premature end of script headers" message, when trying with this

      #!/usr/local/bin/perl -w
      print $>;
      print $/;
      print $<;
      print $/;


      Peter

        I get a "premature end of script headers" message, when trying with this

        That would be because you are using CGI and not sending any headers :o) See CGI Help Guide

        #!/usr/local/bin/perl -w
        print "Content-Type: text/plain\n\n";
        print $>;
        print $/;
        print $<;
        print $/;

        cheers

        tachyon

Re: Can the username be represented differently ?
by Zaxo (Archbishop) on Jun 28, 2004 at 05:45 UTC

    If you wish to give away nothing about your user accounts, you could apply crypt to the username. If you need to trace a name, you can grep through getpwent for the user whose system name crypts equal using the same salt.

    After Compline,
    Zaxo

      I'm not too sure I could do that, a bit out of my league.

      Peter
Re: Can the username be represented differently ?
by peterr (Scribe) on Jun 28, 2004 at 06:44 UTC
    Hi,

    Thanks to everyone for your help. I'm not too sure about using the crypt() function though, looks a bit hard for me. Now, if we put out the email headers like this now:

    X-Source-Dir: /home/32149/public_html

    how do we (or the sysadmin person) use Perl to convert it back to the username ??

    Peter
      It's okay, I found out:

      $newname = getpwuid($uid);
      print "newname: $newname";


      Works too. :D

      Peter
        Given the number 32149, who can convert this back to the username ?

        1. Obviously I can, as I'm the user and it works okay.
        2. Hopefully the 'sysadmin' can.
        3. What about other users on the same server ?
        4. Can anyone else convert the number back to the username ?

        Peter
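
Zaxo's crypt/getpwent suggestion and Peter's closing question about who can turn a tag back into a username, as one added example (not code from the thread). It goes one step further with a keyed HMAC variant that nobody in the thread proposed; the salt, the key and all function names are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed sample values (assumptions), not taken from the thread.
my $SALT = '$6$XsrcSampleSalt$';      # '$6$' = SHA-512 crypt on glibc
my $KEY  = 'constructed-sample-key';  # would live in a root-only file

# Zaxo's scheme: crypt() the login name. The salt is part of the output,
# so anyone who can list the server's accounts can repeat the search.
sub crypt_tag {
    my ($name, $uid) = @_;
    return crypt($name, $SALT) // die "crypt() rejects this salt here\n";
}

# Keyed variant (swapped in, not from the thread): HMAC over the UID.
# Hex output is safe inside a path; reversing it needs $KEY.
sub hmac_tag {
    my ($name, $uid) = @_;
    return substr(hmac_sha256_hex($uid, $KEY), 0, 16);
}

# Admin side for either scheme: walk the passwd database with getpwent
# and return the login whose tag matches (undef when nothing matches).
sub trace_tag {
    my ($tag, $tagger) = @_;
    my $found;
    setpwent();
    while (my ($name, undef, $uid) = getpwent()) {
        if ($tagger->($name, $uid) eq $tag) { $found = $name; last; }
    }
    endpwent();
    return $found;
}

# Demo on the account running the script.
my ($me, undef, $uid) = getpwuid($<)
    or die "no passwd entry for UID $<\n";
for my $scheme (['crypt', \&crypt_tag], ['hmac', \&hmac_tag]) {
    my ($label, $tagger) = @$scheme;
    my $tag = $tagger->($me, $uid);
    printf "%-5s tag: %s\n      traced back to: %s\n",
        $label, $tag, trace_tag($tag, $tagger) // 'no match';
}
```

getpwuid() and getpwent() read the passwd database, which local accounts on a typical Linux host can read, so a bare UID or a crypt tag is opaque only to people outside the server; the HMAC tag additionally requires the key.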