%£*&$£"!"# spammers!

**Mandi Apple** · 06-30-2003, 12:14 PM

:smilie_sp

So spammers are using my Jag-installed formmail to spam all and sundry - it seems as if they're working through the AOL and Yahoo directories alphabetically. I'm up to 410 bounces already today (since about 6.45 this morning, UK time) so God knows what's been getting through. I've taken out a ticket and Lijoe's been sympathetic and reinstalled the cpanel script and other software, but it's still going on.

Is there *anything* I can do to stop this? At all? It's absolutely disgusting that someone can do this... and it's destroying my site's reputation and its bandwidth.

Anyone? Please??? Pretty Please?????

**mattsiegman** · 06-30-2003, 02:27 PM

take formmail down until you get a more secure replacement

**gerilya** · 06-30-2003, 03:17 PM

Hi Mandi,
Are you sure someone uses your script? May be they just put your e-mail address as return address to all the mails they send.
What is formmail anyway? And what do you use it for?
If it is only for "contact us" page then I am pretty confused on how one can send e-mails to different addresses using the script that should not let users specify the destination address.

**mattsiegman** · 06-30-2003, 04:28 PM

formmail is a script by Matt Wright. It was written in or around 1995 (I think), and, while very good back then, are no longer considered very secure or well written.

**gerilya** · 06-30-2003, 04:58 PM

mattsiegman,
does it mean that it is possible to specify receiver's e-mail as a parameter to that script?

**Connie** · 06-30-2003, 07:09 PM

What is formmail anyway? And what do you use it for?

I think a formmail is a script you use to collect visitors
e-mail address or other information you might collect from a visitor
using a script.

If it is only for "contact us" page then I am pretty confused on how one can send e-mails

I don't understand the tech side of this but I do know that a Spamer can use your
form mail script to send Spam thru your web site. Maybe Matt, Jason or some other
knowledgeable person will shed more light on this. We have a e-mail sign up on every
page of our web-site. Our error logs show that someone is constantly trying to
access formmail. We don't use formmail so there attempts results in an error.

Jag-installed formmail to Spam

My understanding is that the Jag formmail script is safe to use. There could be
a bug in your script, but my guess would be that the Spamer is just using your
return address in the Spam being sent.

**jason** · 06-30-2003, 09:14 PM

Originally posted by clssam
[B] Maybe Matt, Jason or some other
knowledgeable person will shed more light on this.

Oh, alright...

Most of the story has laready been told here. Matt Write wrote Formmail when he was about 14 years old. His scripts are available at http://www.scriptarchive.com. At the time, Formmail was a great tool. It takes all of the variables you submit in your form and formats them into an easy to read mail message.

Formmail takes a recipient address as a field in the form. Newer versions have controls in them to limit the domains and/or email addresses that can receive the messages it creates. In the old days, however, Matt was only concerned with preventing someone else linking to your install of the script. In those days spam wasn't an issue like it is now, so no one thought twice about Formmail. Times have changed, but unfortunately, many sites still have those older versions of the script installed. Many hosts have taken measures to prevent spam from Formmail, including Jag. I believe they won't allow any scripts that contain "form" or "mail" in the names to be executed on the servers here.

The CPanel installed version of Formmail is supposed to be safe, so it probably isn't the cause of spam from your site. More likely someone is just forging headers using your address to send spam from a different server. Since your's is the return address, however, bounced messages (and complaints) come to you. See this thread to figure out where its coming from and what to do about it.

Good luck!

--Jason

**salewit** · 07-02-2003, 11:23 PM

Just curious. I use Formmail on a couple of sites. I downloaded the most recent version which claims to have many of these "flaws" fixed. I've also changed the name of the script (for whatever that is worth) to something that wouldn't identify it as Formmail.

Maybe Mandi should try upgrading Matt's Formmail to the newer version which supposedly safeguards against this.

http://www.scriptarchive.com/formmail.html

LinkBack

Thread Tools

Display

%£*&$£"!"# spammers!

Bookmarks

Bookmarks

Posting Permissions