I have noticed that some guy is spamming to AOL'S databases from one of my dedicated servers using a bug on the file "SUBSCRIBE.CGI" from Links 2.00.

Any body know how it's been done, and how to stop or fix the bug on the file.

The only solution now, is to delete the file from the server.



tnks.



Carlos
Carlos Alcocer
http://www.arquired.net

...you could try renaming it (similar to the add.cgi fix).

Cheers

Andy (mod)
andy@ultranerds.co.uk

---

Want to give me something back for my help? Please see my Amazon Wish List
GLinks ULTRA Package | GLinks ULTRA Package PRO
Links SQL Plugins | Website Design and SEO | UltraNerds | ULTRAGLobals Plugin | Pre-Made Template Sets | FREE GLinks Plugins!

This might be be able to be worked in, it's from add.cgi, and allows access to the script only when referred from a link on your site (or whatever you put in the fields in links.cfg).


# Check the referer.
if (@db_referers and $ENV{'HTTP_REFERER'}) {
$found = 0;
foreach (@db_referers) {
$ENV{'HTTP_REFERER'} =~ /$_/i and $found++ and last;
}
if (!$found) {
&site_html_add_failure ("Auto submission is not allowed in this directory. Please visit the site to add your entry.");
return;
}
}

If it works, you would want to change the error message...


Leonard
aka PerlFlunkie