[thelist] More Questions About FormMail

Sun May 19 22:37:01 CDT 2002


>What timing. I read the thread on FormMail that just ran, so I quickly
>checked out what the hosting service had on the server we were using and
>found it was an old version of Matt's FormMail. I checked the logs and saw
>we were getting hit (what a mess...server meltdown -- I'm still trying to
>find out if we made any of the blacklists -- 17,000 successful forms!).

Be sure it's FormMail.pl that's causing the problem; anybody using
blogger.com, or any similar remote FTP scheme, is a target for spam relay too.

>I know nothing about CGI, Perl, etc. The hosting service (we're on a shared
>server) immediately put the latest FormMail on the site and I had them check
>out nms.sourceforge.net (they said they are still looking at it). In
>addition to this script, are there any other scripts that are recommended
>for an Apache server (it doesn't have to be free!)? I have access to the
>cgi-bin, so, in the meantime, can I just rename FormMail.pl to something
>else or is there more to it than that?

If you have the latest FormMail.pl from Matt's site, it's as secure as
secure gets. Matt had nothing to do with the new version; he's known about
the holes for years and refused to fix them. The new version is the result
of an open source project that had many good contributors. The new
FormMail.pl is backward compatible with the original. If it is installed as
a shared utility on the server all of the forms pointing to it will not
need to be changed in any way, although the admin for the shared script
will need to include approved recipient email addresses on the script.

Changing the name of the script is a waste of time. The attacker knows you
are using a relay script on that server - they'll find it in the action on
the forms (that's probably how they found it to begin with).
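
The approved-recipient restriction mentioned in the reply above, sketched as an added example that is not part of the original post and is not FormMail's own code. The variable and function names and the addresses are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allow-list of approved recipients (names are assumptions,
# not FormMail's own configuration variables).
my %APPROVED = map { (lc($_) => 1) }
    ('sales@example.com', 'webmaster@example.com');

# Returns the normalized recipients if every address in the submitted
# field is approved; returns an empty list if any one of them is not.
sub approved_recipients {
    my ($field) = @_;
    return () unless defined $field && length $field;

    # Control characters (CR/LF included) have no place in an address
    # that will be written into a mail header.
    return () if $field =~ /[[:cntrl:]]/;

    my @out;
    for my $addr (split /,/, $field) {
        $addr =~ s/^\s+|\s+$//g;
        $addr = lc $addr;
        # Exact match only: substring or "ends with" tests would let
        # look-alike addresses through.
        return () unless $APPROVED{$addr};
        push @out, $addr;
    }
    return @out;
}

# Constructed sample form values, for illustration only.
my @samples = (
    'sales@example.com',
    'Sales@Example.com, webmaster@example.com',
    'someone@elsewhere.test',
    'sales@example.com,someone@elsewhere.test',
    'sales@example.com.elsewhere.test',
    "sales\@example.com\nsomeone\@elsewhere.test",
);

for my $s (@samples) {
    my @ok = approved_recipients($s);
    (my $shown = $s) =~ s/\n/\\n/g;
    printf "%-45s %s\n", $shown, @ok ? "send to: @ok" : "REJECT";
}
```

Only the first two samples are accepted; the check is all-or-nothing, so one unapproved address in the field rejects the whole submission regardless of what the script file is called.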


