Re: Porno spam using form submissions

by "Angel One" <angelone(at)>

 Date:  Sun, 2 Dec 2001 00:07:25 -0500
 To:  <hwg-techniques(at)>
 References:  upsdell
    Hi All,
    I thought Matt's script allowed you to block other I.P.'s with this line
of code:
# @referers allows forms to be located only on servers which are defined
# in this field.  This security fix from the last version which allowed
# anyone on any server to use your FormMail script on their web site.

@referers = ('','yourI.P.number');

Doesn't that keep others from using your script?

~       Paul Angel

Should you need a domain name registered I highly recommend DirectNIC.
It's just $15 per year with several perks and great service!

----- Original Message -----
From: "Charles A Upsdell" <cupsdell(at)>
To: <hwg-techniques(at)>
Cc: "doonavitch" <ddoonan1(at)>
Sent: Saturday, December 01, 2001 1:20 PM
Subject: Re: Porno spam using form submissions

> Someone hijacked my formmail procedure earlier in 2001:  it went on for
> months before I discovered it was happening.  I was using the latest
> version of Matt's formmail.  What I finally did to stop it was to rename
> the formmail procedure:  the spammers are clearly searching for
> procedures to hijack, so renaming the procedure can be effective.
> At 06:36 AM 12/01/01, you wrote:
> >A couple of porno-related pieces of spam arrived yesterday. Both were
> >as being the result of form submissions. The first one I simply deleted.
> >second one was submitted from a site called
> >
> >Looking at the html source, the second email actually came from a
> >auto parts business. It appears that someone either has hacked their
> >servers, or is using a form submission on their site to redirect.
> >
> >Considering that many of my sites are using form submissions to gather
> >information, what can I do to make sure that no one is using them to send
> >out spam using my server?
> >
> >David
> -
> Chuck Upsdell
> Email:     cupsdell(at)
> Website:
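
The kind of referer check discussed in this thread, written out as an added example; it is not code from any poster or from FormMail itself. It goes one step beyond the thread by pairing the check with a recipient allowlist, and the sub names, host names and addresses are all constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not FormMail's own code. Host names, addresses and
# sub names are constructed placeholders.
use strict;
use warnings;

my @referers   = ('www.example.org', '192.0.2.10');  # hosts allowed to carry the form
my @recipients = ('webmaster@example.org');          # only addresses the script may mail

# True if the Referer URL's host is one of @referers. The header is supplied
# by the client, so this filters forms hosted elsewhere and nothing more.
sub referer_ok {
    my ($referer) = @_;
    return 0 unless defined $referer
        && $referer =~ m{^https?://([^/:?#]+)}i;
    my $host = lc $1;
    return scalar grep { $host eq lc $_ } @referers;
}

# True if the requested recipient is exactly one allowlisted address and
# carries no CR/LF or comma that could add extra recipients or headers.
sub recipient_ok {
    my ($rcpt) = @_;
    return 0 unless defined $rcpt && length $rcpt;
    return 0 if $rcpt =~ /[\r\n,]/;
    return scalar grep { lc $rcpt eq lc $_ } @recipients;
}

sub allow_submission {
    my ($referer, $rcpt) = @_;
    return referer_ok($referer) && recipient_ok($rcpt) ? 1 : 0;
}

# Constructed sample requests: [Referer header, recipient form field]
my @samples = (
    ['http://www.example.org/contact.html', 'webmaster@example.org'],
    ['http://other.example.net/form.html',  'webmaster@example.org'],
    ['http://www.example.org/contact.html', 'someone@elsewhere.example'],
    [undef,                                 'webmaster@example.org'],
);
for my $s (@samples) {
    my ($ref, $rcpt) = @$s;
    printf "%-40s %-28s %s\n", $ref // '(no referer)', $rcpt,
        allow_submission($ref, $rcpt) ? 'accept' : 'reject';
}
```

Only the first constructed request is accepted; the third passes the referer check and is rejected because its recipient is not on the list.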

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA