Welcome to the JaguarPC Community

This is a discussion on Is cgiemail compromised? in the Open Discussion & Chit-chat forum

  1. #1
    A-Henh! Weevil's Avatar
    Join Date
    Apr 2003
    Posts
    46

    Is cgiemail compromised?

    In my latest This is True newsletter, Randy Cassingham posted this tidbit:
    IT WASN'T A GOOD WEEKEND: Any of you with a web site, heads up: one of
    the programs used to mail the results of a web form, which many sites
    use to keep their e-mail address off the site to keep the address away
    from spammers, has been compromised ...by spammers. The program,
    "cgiemail", is used on a LOT of sites, and it's completely vulnerable.
    If you're using it, you need to get rid of it ASAP! We spent the
    weekend blocking out a spamming slimeball who was using my server to
    send out his fraudulent pitches. Grr! So if you tried to update your
    Premium address and got a weird error, or tried to send in an errata
    report, or ask for info on putting ads in TRUE, etc., and got an
    unexpected result, that's why. My friend (and Premium subscriber) Leo
    of http://www.Ask-Leo.com spent HIS weekend writing me a program to
    replace cgiemail, and making sure it worked on all my site's forms --
    so the address change page (see bottom of this issue, if you need to
    change YOUR address!), etc. are all working again now. Thanks VERY
    much, Leo -- it wouldn't have all been done by now without you.
    So, was this an isolated incident on Randy's server, or should those of us using cgiemail on Jaguar be concerned?

    Admittedly, This is True gets a lot more attention than any of my sites, so I'm probably not "at risk" like Randy, but it still concerns me.

    What's the best recommended email mechanism to replace cgiemail with if I decide I need to do it?

  2. #2
    Just Walking...
    Join Date
    Oct 2002
    Location
    England
    Posts
    436
    Well I don't know about cgiemail but I personally wouldn't rely on any third-party apps that allow you to pass the destination address when the form is submitted.

    It's far safer to use scripts that keep a list of addresses and then pass a reference to an address instead. I created one that uses a MySQL table of the different addresses that forms are submitted to. The form itself just has a unique reference which corresponds to an address in the table. I imagine that the same idea has been used in flat file form elsewhere.
    Last edited by G.Bloke; 10-14-2003 at 08:55 AM.
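
The approach described in post #2, as an added example that is not part of the thread and is not G.Bloke's script: the form submits only a reference, and the server resolves it to an address it already holds. The table name `form_recipients`, the form fields `ref` and `message`, the example.com addresses, and the in-memory SQLite database standing in for the MySQL table are all assumptions made for illustration.

```python
import sqlite3
from email.message import EmailMessage

# Constructed sample data: form reference -> recipient, held only on the server.
RECIPIENTS = [("contact", "webmaster@example.com"), ("errata", "editor@example.com")]

def open_recipient_table():
    """In-memory SQLite stand-in (assumption) for the MySQL table in the post."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE form_recipients (ref TEXT PRIMARY KEY, address TEXT NOT NULL)"
    )
    db.executemany("INSERT INTO form_recipients VALUES (?, ?)", RECIPIENTS)
    return db

def build_message(db, form):
    """Build the outgoing mail for a submitted form (dict of field -> value).

    The recipient comes from looking up form["ref"]; address-like fields in the
    submission (to, cc, bcc, ...) are never read, so the client cannot pick it.
    """
    ref = form.get("ref", "")
    row = db.execute(
        "SELECT address FROM form_recipients WHERE ref = ?", (ref,)
    ).fetchone()
    if row is None:
        # Unknown reference: refuse instead of falling back to a default address.
        raise LookupError(f"unknown form reference: {ref!r}")
    msg = EmailMessage()
    msg["To"] = row[0]
    msg["From"] = "forms@example.com"  # fixed sender, not taken from the form
    msg["Subject"] = f"Web form submission ({ref})"  # ref already matched a table key
    msg.set_content(form.get("message", ""))
    return msg  # the caller hands this to its mail transport

if __name__ == "__main__":
    db = open_recipient_table()
    # Constructed submission that also tries to supply its own destination.
    posted = {"ref": "contact", "to": "someone@example.net", "message": "Hello"}
    print(build_message(db, posted))
```
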
