On 19 Aug 2002 at 16:13, James Jarvis wrote:

> One of the tech guys here, who quite frankly has no clue, has told me that
> FormMail has been 'hacked'.

From a post earlier regarding formmail

**************
Date: Mon, 05 Aug 2002 19:22:34 -0400
Subject: [wdvltalk] RE: CGI mail script

I run formmail, with no problem, setup is easy and fast.

BUT >>> I recently received the following from my hosting company regarding security problems and a request to change to a new version at http://nms-cgi.sourceforge.net/scripts.shtm

It is a drop-in replacement for "Matt's" formmail. I did it, no problems, in just a few minutes. See below (there have been snips).

(BTW - Radiant provided the link to use matt's formmail program prior to this concern - oops :-)

Bob D

*********************
THE SITUATION:
...Radiant Web Hosting clients are unwittingly permitting spammers to send unsolicited commercial emails (U.C.E aka spam email) via an exploitable CGI form mailer script .... The script is called 'formmail.cgi' or 'formmail.pl', and it has probably been sourced from Matt's Script Archive (<http://www.worldwidemart.com/scripts>)....

THE PROBLEM:
Due to the poor design of this script, a malicious user can send spam email simply by including the list of target email addresses in an HTTP request to Formmail. This behavior makes tracking down the origin of the spam email difficult because the only place the spammer's IP address is saved is in the Web logs of the affected site.

BACKGROUND:
......

THE SOLUTION:
In order to correct this situation, all instances of this script need to be disabled. An alternative script is available at <http://nms-cgi.sourceforge.net/scripts.shtml>. NMS is a set of secure scripts designed to be drop-in replacements for those in Matt's Script Archive. It will be necessary for you to download the formmail script from NMS, unzip it, and upload it to your website to replace the existing formmail program you are currently using.

****************
------- End of forwarded message -------

--
Digby Systems, Inc.
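Added example, not part of the original post or the hosting notice: since the notice says the web logs of the affected site are the only place the sender's IP address is recorded, this Python sketch scans access-log lines for FormMail requests whose recipient list points off-site and groups them by client IP. It assumes Apache common/combined log format, that the addresses arrive in FormMail's `recipient` field on the query string, and that `example.com` stands in for the site's own mail domain; the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ALLOWED_DOMAINS = {"example.com"}  # assumption: the only domain this site mails to
# Apache common/combined prefix: client IP, then method and URL of the request line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(GET|POST) (\S+) [^"]*"')
SCRIPT_RE = re.compile(r'/formmail\.(?:cgi|pl)$', re.IGNORECASE)

# Constructed sample lines (documentation addresses and domains only).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Aug/2002:19:01:02 -0400] "GET /cgi-bin/formmail.pl?recipient=sales%40example.com&subject=Quote HTTP/1.0" 200 512
198.51.100.7 - - [05/Aug/2002:19:03:44 -0400] "GET /cgi-bin/formmail.pl?recipient=a%40example.net,b%40example.org,c%40example.net&subject=Hi HTTP/1.0" 200 498
198.51.100.7 - - [05/Aug/2002:19:03:45 -0400] "GET /cgi-bin/FormMail.cgi?recipient=d%40example.org&subject=Hi HTTP/1.0" 200 498
203.0.113.5 - - [05/Aug/2002:19:05:00 -0400] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 301
192.0.2.10 - - [05/Aug/2002:19:06:10 -0400] "GET /index.html HTTP/1.0" 200 2048
"""

def foreign_recipients(url):
    """Return recipients in a FormMail URL whose domain is not in ALLOWED_DOMAINS."""
    parts = urlsplit(url)
    if not SCRIPT_RE.search(parts.path):
        return []
    found = []
    for value in parse_qs(parts.query).get("recipient", []):
        for addr in re.split(r"[,\s;]+", value.strip()):
            # An entry without "@" has no recognisable domain and is flagged too.
            if addr and addr.rpartition("@")[2].lower() not in ALLOWED_DOMAINS:
                found.append(addr)
    return found

def scan(log_text):
    """Return ({client IP: off-site recipients}, count of FormMail POSTs to audit)."""
    suspects, blind_posts = defaultdict(list), 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, url = m.groups()
        hits = foreign_recipients(url)
        if hits:
            suspects[ip].extend(hits)
        elif method == "POST" and SCRIPT_RE.search(urlsplit(url).path):
            blind_posts += 1  # POST bodies are not logged, so recipients are unknown
    return dict(suspects), blind_posts

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

POST submissions only show up as a count because the access log does not record the request body; those need the mail server's logs to see who was actually addressed.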
