Perl modules that "phone home"

Perl modules that "phone home"

am 29.07.2011 22:47:01 von sono-io

When placing test orders in my re-factored shopping cart on my =
MacBook Pro, Little Snitch is warning me that Perl is trying to connect =
to the following servers when an order is completed and the confirmation =
e-mail is being sent to the customer:

=08nullmx.yourdomain.com
=08wdfgh.com
=08mailsrv.gh.com

I don't think that this should be happening. I mean, who are =
these domains and what info is being sent to them? I did some digging =
and found out that yourdomain.com is owned by GoDaddy, wdfgh.com is =
owned by some Chinese company, and gh.com is owned by a company in =
Ghana!

How can I find out which module(s) is doing this? I don't want =
to go live until I'm able to stop this, since I don't know how much, if =
any, of the customers information may be compromised.

Thanks,
Marc=

--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org
http://learn.perl.org/

Re: Perl modules that "phone home"

am 29.07.2011 23:49:24 von Mark Wagner

On Fri, Jul 29, 2011 at 13:47, Marc wrote:
>        When placing test orders in my re-factored sho=
pping cart on my MacBook Pro, Little Snitch is warning me that Perl is tryi=
ng to connect to the following servers when an order is completed and the c=
onfirmation e-mail is being sent to the customer:
>
>  nullmx.yourdomain.com

This looks like a configuration error to me: something's expecting you
to fill in your domain and mailserver, and you haven't done that.

>  wdfgh.com

Likewise: "wdfgh" looks like the result of mashing the keyboard; the
fact that a company in China owns the domain is probably pure
coincidence.

>  mailsrv.gh.com

No idea about this one.

>
>        How can I find out which module(s) is doing th=
is?  I don't want to go live until I'm able to stop this, since I don'=
t know how much, if any, of the customers information may be compromised.
>

Most Perl modules are ordinary text files, so grepping around in the
modules directory for things like "mailsrv" or "wdfgh" should tell you
which modules are responsible.

--=20
Mark Wagner

--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org
http://learn.perl.org/

Re: Perl modules that "phone home"

am 30.07.2011 02:05:24 von sono-io

On Jul 29, 2011, at 2:49 PM, Mark Wagner wrote:

> Most Perl modules are ordinary text files, so grepping around in the
> modules directory for things like "mailsrv" or "wdfgh" should tell you
> which modules are responsible.

Mark,

I was able to do that with TextWrangler, but didn't find =
anything. However, your other suggestions got me thinking. So I =
searched our test data and found the culprit domains there. Slightly =
embarrassing, but I'm glad to know that it's not some nefarious plan to =
steal credit card data! ;-)

Sorry for the false alarm.

Thanks for your help,
Marc=

--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org
http://learn.perl.org/

Re: Perl modules that "phone home"

am 30.07.2011 02:34:32 von Shawn Wilson

--90e6ba613d72d4f99704a93e8f17
Content-Type: text/plain; charset=ISO-8859-1

On Jul 29, 2011 8:06 PM, "Marc" wrote:
>
> On Jul 29, 2011, at 2:49 PM, Mark Wagner wrote:
>
> > Most Perl modules are ordinary text files, so grepping around in the
> > modules directory for things like "mailsrv" or "wdfgh" should tell you
> > which modules are responsible.
>
> Mark,
>
> I was able to do that with TextWrangler, but didn't find anything.
However, your other suggestions got me thinking. So I searched our test
data and found the culprit domains there. Slightly embarrassing, but I'm
glad to know that it's not some nefarious plan to steal credit card data!
;-)
>

Hmmm, Acme::CC::Bandit anyone?

--90e6ba613d72d4f99704a93e8f17--

Re: Perl modules that "phone home"

am 30.07.2011 02:54:44 von sono-io

On Jul 29, 2011, at 5:34 PM, shawn wilson wrote:

> Hmmm, Acme::CC::Bandit anyone?

I wonder how many others fell for that one? =:\

That's not a nice trick to play on a "beginners" list, ya know. =;)

--
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org
http://learn.perl.org/