Spam using formmail.pl (Alert!!)

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • sans
    Registered User
    • Jun 2001
    • 1

    #1

    Spam using formmail.pl (Alert!!)

    Many of us use formmail.pl in our servers.

    Widely used FormMail.pl Web-to-Email CGI Script Allows Unauthorized Users to Send Mail (e.g., spam) Anonymously. - March 16, 2001
    For a full description see http://securitytracker.com/alerts/2001/Mar/1001108.html

    A patched version of this script with the anti-spam fix is available at http://www.mailvalley.com/formmail/
    The modified version of this formmail perl script, allows you to specify a list of recipients in a text file, who are authorized to receive emails. So the script will only send mail to addresses listed in this file thus providing spam protection.

    Hope this information will be of use to webmasters and webhosting providers.

    If anyone has a different solution to this problem, let me know.
  • surreal
    Registered User
    • Jun 2001
    • 21

    #2
    Date: Mar 16 2001 05:31 (UTC/GMT)

    No offense, but it's pretty damn old and well known, and isn't really a security hole.

    ------------------
    surreal. freetgp.
    surreal. UltraTGP: The ultimate TGP script. Only $80 (half of the usual price) for a limited time.

    Comment

    • Susan
      Confirmed User
      • Feb 2001
      • 772

      #3
      If a script like this does not check HTTP_REFERER (your server address) then don't use it. A simple check like this can stop remote access.
      http://www.dtp-aus.com/ has a good secure mailing script with tons of features.
      Stupid Spice

      Comment

      • pr0
        rockin tha trailerpark
        • May 2001
        • 23088

        #4
        Check this out...most of the programs the spammers use to abuse your formmail use "Recipient" to send the mails. Setting the refer ip security does nothing, since refer information can be faked or non-existent. So as a quick fix...change the script to "Boogy" as opposed to "recipient" then make the changes to your html =)

        This wont stop them all, but it'll stop the ones using pre-made spam programs.



        ------------------
        __________
        Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

        Comment

        • pr0
          rockin tha trailerpark
          • May 2001
          • 23088

          #5
          Oh yea also, on that security report at http://securitytracker.com/alerts/2001/Mar/1001108.html they say the true ip of the spammer can be found in the server logs, but not the e-mail. Sure if the spammer was stupid enough not to use a simple HTTP open proxy.

          Here's a list...lolol

          12.23.198.32:8080
          12.24.124.3:80
          12.24.124.4:80
          12.24.149.202:8080
          12.24.192.50:8080
          12.24.198.14:8080
          12.24.248.3:80
          12.24.248.13:80
          12.24.248.13:8080
          12.24.248.14:80
          207.1.18.243:8080
          207.1.219.222:80
          207.2.12.42:80
          207.2.12.46:80
          207.2.12.58:80
          207.2.54.2:80
          207.3.16.200:80
          207.3.92.252:80

          I wonder how long it'd take them to find out that those ip's arent the spammers true ip =)

          ------------------
          __________
          Loadedca$h - get sum! - Revengebucks - mmm rebills! - webair (gotz sErVrz)

          Comment

          Working...