Cgi-bin problem - related to email spoofing?


#1

My client has had problems with getting thousands of bounces from spoofers’ spam. I just noticed that his cgi-bin directory is full of hundreds of small files, each one of which is named an email address that he doesn’t own (like abbey300@hisdomain.com).

I assume these two things are related? Is it safe to delete these files from the cgi-bin? Could someone explain why this happens?


#2

I’m not sure about the E-mail part of your question, but DH doesn’t create a CGI-bin directory. CGI works anywhere in the web-accessable area, are you sure that’s not a part of some program you or your client has installed?

If not, you should check into how thoes files got there. If someone is able to palce files on your account you need to change user names and passwords, and make sure all of your applications are up-to-date and secure. No one but you (and possibly your client) should be able to place files on your website.

-Matttail