Close security hole which allows CGI to send spam

Completed Posted Oct 6, 2005 Paid on delivery

Most of our CGI scripts are secured against spurious inputs; clearly we have one that escaped our attention. We are currently under a DDoS attack from a set of IPs which are submitting data to a particular one of our scripts, causing it to send various spam instead of its intended function. This needs to be identified and fixed.

## Deliverables

1. Capture HTTP input for a few minutes to observe exactly how the attack is being performed. I'm guessing that additional newline characters are being passed to force an early mail header to instead function as the remainder of the mail headers plus body, but I have no proof of this yet. This project requires that you report on exactly what method is being used by the attackers.

2. Once the above has been done, please correct the problem, e.g., by preventing the spurious input of illegal characters.

**You will be required to sign an NDA contract using PGP. Strong preference will be given to Coders who provide a public PGP key _in their bid_.** If you do not understand what this means, please don't bid; I really don't have time to explain this right now. Sorry.

* * *

1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.

2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):

a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.

b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.

3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).

## Platform

Perl/CGI, Linux, Apache
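
The kind of fix deliverable 2 asks for, as an added example (not the buyer's script or any bidder's work): a Perl check that refuses CR, LF and other control characters in any form field that ends up in a mail header. The helper names, the field names `email`, `subject` and `body`, the length cap and the recipient address are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: return the value if it can sit on one header line,
# or nothing if it holds CR, LF or any other control character.
sub safe_header_value {
    my ($value) = @_;
    return unless defined $value;
    return if $value =~ /[\x00-\x1F\x7F]/;    # covers \r and \n
    return if length($value) > 200;           # length cap is an assumption
    return $value;
}

# Hypothetical helper: stricter check for a field used as an address.
# \A and \z anchor the whole string; a bare $ would still match before a
# trailing newline and let "addr\n" through.
sub safe_address {
    my ($value) = @_;
    $value = safe_header_value($value);
    return unless defined $value;
    return unless $value =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/;
    return $value;
}

# Build the message only from validated fields. The recipient is fixed on the
# server (placeholder address) and never taken from the request.
sub build_message {
    my (%f) = @_;
    my $from    = safe_address($f{email});
    my $subject = safe_header_value($f{subject});
    return unless defined $from && defined $subject;
    my $body = defined $f{body} ? $f{body} : '';
    return "To: webmaster\@example.com\nFrom: $from\nSubject: $subject\n\n$body\n";
}

# Constructed sample inputs (not captured traffic).
my @samples = (
    { email => 'alice@example.com', subject => 'Order question', body => 'Hello' },
    { email => "alice\@example.com\nBcc: list\@example.net", subject => 'hi' },
    { email => 'alice@example.com', subject => "hi\r\nContent-Type: text/html" },
);
for my $s (@samples) {
    my $msg = build_message(%$s);
    print defined $msg ? "ACCEPTED\n$msg" : "REJECTED: control character or bad address\n";
}
```

The checks belong on the decoded parameter values (what CGI.pm's `param` returns), because `%0D%0A` in a request arrives in the script as literal CR/LF.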

Amazon Web Services, Engineering, Linux, MySQL, Odd Jobs, Perl, PHP, Software Architecture, Software Testing, Web Hosting, Website Management, Website Testing

Project ID: #3920580

About the project

2 bids Remote project Active Oct 12, 2005

Awarded to:

czarinavw

See private message.

$17 USD in 1 day
(1 review)
0.5

2 freelancers bid $30 on this project

virtuamagictm

See private message.

$42.5 USD in 1 day
(21 reviews)
5.1