GoFuckYourself.com - Adult Webmaster Forum

sans 06-24-2001 11:51 AM

Spam using formmail.pl (Alert!!)
 
Many of us use formmail.pl on our servers.

Widely used FormMail.pl Web-to-Email CGI Script Allows Unauthorized Users to Send Mail (e.g., spam) Anonymously. - March 16, 2001
For a full description see http://securitytracker.com/alerts/2001/Mar/1001108.html

A patched version of this script with the anti-spam fix is available at http://www.mailvalley.com/formmail/
The modified version of this formmail Perl script allows you to specify, in a text file, a list of recipients who are authorized to receive emails. The script will only send mail to addresses listed in this file, thus providing spam protection.

Hope this information will be of use to webmasters and webhosting providers.

If anyone has a different solution to this problem, let me know.
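
The recipient allowlist described in the post above, sketched as an added example (not part of the original post and not the patched script's own code). The file format (one address per line), the function names and the example.com addresses are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Read the allowlist: one address per line, blank lines and '#' comments skipped.
sub load_allowed {
    my ($fh) = @_;
    my %allowed;
    while (my $line = <$fh>) {
        $line =~ s/^\s+|\s+$//g;
        next if $line eq '' or $line =~ /^#/;
        $allowed{lc $line} = 1;
    }
    return \%allowed;
}

# Return the address if the form value is exactly one allowlisted recipient;
# return undef otherwise so the caller refuses to send.
sub check_recipient {
    my ($allowed, $value) = @_;
    return unless defined $value;
    # Whitespace (including CR/LF), separators or angle brackets mean the value
    # is not a single bare address, so it can never match an allowlist entry.
    return if $value =~ /[\s,;<>]/;
    my $addr = lc $value;
    return $allowed->{$addr} ? $addr : undef;
}

# Constructed allowlist, held in memory here instead of a file on disk.
my $list = "# authorized recipients\nsales\@example.com\nsupport\@example.com\n";
open(my $fh, '<', \$list) or die "cannot read allowlist: $!";
my $allowed = load_allowed($fh);
close $fh;

# Constructed form submissions: one legitimate, three that must be refused.
my @submitted = (
    'Sales@example.com',
    'someone@elsewhere.example',
    'sales@example.com,someone@elsewhere.example',
    "sales\@example.com\nBcc: someone\@elsewhere.example",
);

for my $value (@submitted) {
    my $ok = check_recipient($allowed, $value);
    (my $shown = $value) =~ s/\n/\\n/g;
    printf "%-52s %s\n", $shown, defined($ok) ? "send to $ok" : 'refused';
}
```

The decision depends only on the submitted recipient value and the server-side file, not on any request header the client controls.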

surreal 06-24-2001 12:09 PM

Date: Mar 16 2001 05:31 (UTC/GMT)

No offense, but it's pretty damn old and well known, and isn't really a security hole.

------------------
surreal. freetgp.

Susan 06-24-2001 12:19 PM

If a script like this does not check HTTP_REFERER (your server address) then don't use it. A simple check like this can stop remote access.
http://www.dtp-aus.com/ has a good secure mailing script with tons of features.

pr0 06-24-2001 12:29 PM

Check this out...most of the programs the spammers use to abuse your formmail use "Recipient" to send the mails. Setting the refer ip security does nothing, since refer information can be faked or non-existent. So as a quick fix...change the script to "Boogy" as opposed to "recipient" then make the changes to your html =)

This won't stop them all, but it'll stop the ones using pre-made spam programs.



pr0 06-24-2001 12:33 PM

Oh yeah also, on that security report at http://securitytracker.com/alerts/2001/Mar/1001108.html they say the true IP of the spammer can be found in the server logs, but not the e-mail. Sure, if the spammer was stupid enough not to use a simple HTTP open proxy.

Here's a list...lolol

I wonder how long it'd take them to find out that those IPs aren't the spammer's true IP =)
