Re: Formmail and spam attack

by Greg Hart <ghhart(at)earthlink.net>

 Date:  Tue, 22 Oct 2002 14:55:27 -0400
 To:  hwg-techniques(at)mail.hwg.org
 In-Reply-To:  rr
At 11:33 AM 10/22/2002 -0700, you wrote:
>This weekend I made the unpleasant discovery that a spammer was
>apparently using a formmail script on my client's site to send out porno
>spam. Thousands of messages went out, all with my client's return
>address.
>
>The tech folks at the hosting company said spammers can exploit a
>weakness in formmail to launch their email. They recommended upgrading my
>version (I had 1.9 and I found 1.92 at Matt's Script Archive).
>
>Has this happened to anyone here? Is the recommendation I received
>sufficient or are there other steps I should take?

The newer versions of Formmail only allow emails to be sent if you have 
those domains listed inside the script...however, both 1.9 and 1.92 have 
this, so I'm not sure if there was another flaw in 1.9 or not, or maybe the 
hosting company was using the typical "upgrade to fix it" excuse. I know 
I've tested forms before and had forgotten to put the test email domain in 
the script, making it unhappy, so that part of the security seems to work, 
and that was using version 1.9. I'd like to find out myself if there's a 
problem we need to watch for.

- Greg Hart
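
Added example (not part of the original message and not FormMail's own code): a Python sketch of the kind of recipient-domain allow-list the reply describes, where mail is sent only if the recipient's domain is listed in the script. The names `ALLOWED_DOMAINS`, `validate_recipient` and `audit`, and all sample addresses, are assumptions constructed for illustration.

```python
import re

# Hypothetical allow-list: the only domains this form handler may mail to.
ALLOWED_DOMAINS = {"example.com"}

# One local part, one "@", one dotted host name. Commas, spaces, "%" and
# angle brackets are not in the accepted set, so a list of addresses or a
# relay-style address cannot pass as a single recipient.
_ADDRESS = re.compile(r"([A-Za-z0-9._+-]+)@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")


def validate_recipient(value, allowed=ALLOWED_DOMAINS):
    """Return the normalized address, or raise ValueError if it must not be mailed."""
    # CR, LF or NUL in a form field could spill into additional mail headers.
    if any(ch in value for ch in "\r\n\0"):
        raise ValueError("control character in recipient")
    # fullmatch anchors both ends: the whole field must be exactly one address.
    match = _ADDRESS.fullmatch(value.strip())
    if match is None:
        raise ValueError("not a single plain address")
    local, domain = match.group(1), match.group(2).lower()
    # Exact comparison, not a substring or suffix test on the raw field.
    if domain not in allowed:
        raise ValueError("domain not on allow-list")
    return local + "@" + domain


def audit(values, allowed=ALLOWED_DOMAINS):
    """Map each submitted recipient field to an accept/reject verdict."""
    report = {}
    for value in values:
        try:
            report[value] = "accept: " + validate_recipient(value, allowed)
        except ValueError as exc:
            report[value] = "reject: " + str(exc)
    return report


# Constructed sample form submissions (not taken from any real log).
SAMPLES = [
    "webmaster@example.com",
    "someone@example.org",
    "a@example.org,b@example.com",
    "a@example.com.example.org",
    "a@example.com\nBcc: b@example.org",
]

if __name__ == "__main__":
    for field, verdict in audit(SAMPLES).items():
        print(repr(field), "->", verdict)
```
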

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA