Close security hole which allows CGI to send spam

Completed Posted Oct 6, 2005 Paid on delivery

Most of our CGI scripts are secured against spurious inputs; clearly we have one that escaped our attention. We are currently under a DDoS attack from a set of IPs which are submitting data to a particular one of our scripts, causing it to send various spam instead of its intended function. This needs to be identified and fixed.

## Deliverables

1. Capture HTTP input for a few minutes to observe exactly how the attack is being performed. I'm guessing that additional newline characters are being passed to force an early mail header to instead function as the remainder of the mail headers plus body, but I have no proof of this yet. This project requires that you report on exactly what method is being used by the attackers.

2. Once the above has been done, please correct the problem, e.g., by preventing the spurious input of illegal characters.

**You will be required to sign an NDA contract using PGP. Strong preference will be given to Coders who provide public PGP key _in their bid_.** If you do not understand what this means, please don't bid; I really don't have time to explain this right now. Sorry.

* * *

1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.

2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):

a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.

b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.

3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).

## Platform

Perl/CGI, Linux, Apache
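
The input check that deliverable 2 asks for, sketched in Perl as an added example (not code from this project or its scripts). It assumes the buyer's guess about embedded line breaks is the cause; the field names `email` and `subject`, both helper functions and the sample submissions are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Reject any value bound for a mail header if it contains CR, LF or any other
# control character; return the value unchanged when it is clean.
sub clean_header_value {
    my ($name, $value) = @_;
    die "missing field: $name\n" unless defined $value && length $value;
    die "control character in field: $name\n" if $value =~ /[\x00-\x1f\x7f]/;
    return $value;
}

# Stricter check for address fields: exactly one address, no list separators.
# \A and \z are used instead of ^ and $ because $ would allow a trailing newline.
sub clean_address {
    my ($name, $value) = @_;
    $value = clean_header_value($name, $value);
    die "bad address in field: $name\n"
        unless $value =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/;
    return $value;
}

# Constructed sample inputs (not captured traffic): one normal submission and
# one with a line break embedded in the "email" field.
my @samples = (
    { email => 'visitor@example.com', subject => 'Question about order' },
    { email => "visitor\@example.com\r\nX-Injected: constructed", subject => 'Hi' },
);

for my $form (@samples) {
    my $ok = eval {
        my $from    = clean_address('email', $form->{email});
        my $subject = clean_header_value('subject', $form->{subject});
        # Only validated values reach the header block; the body follows a blank line.
        print "ACCEPT From: $from | Subject: $subject\n";
        1;
    };
    unless ($ok) {
        my $why = $@;
        chomp $why;
        print "REJECT $why\n";    # log it and return an error page; send nothing
    }
}
```

Rejecting the request outright, rather than stripping the characters and sending anyway, also leaves a log entry that can be matched against the captured traffic from deliverable 1.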

Amazon Web Services Engineering Linux MySQL Odd Jobs Perl PHP Software Architecture Software Testing Web Hosting Website Management Website Testing

Project ID: #3920580

About the project

2 proposals Remote project Active Oct 12, 2005

Awarded to:

czarinavw

See private message.

$17 USD in 1 day
(1 Review)
0.5

2 freelancers are bidding on average $30 for this job

virtuamagictm

See private message.

$42.5 USD in 1 day
(21 Reviews)
5.1