TopHostSupport
06-16-2003, 11:47 AM
I have read thread after thread here and at other forums and have seen so many troubles people are having with formmail. So it has brought me to a decision to disable access to them before it gets out of hand.
Now I have seen people say chmod formmail to 000, and rename them. But every time I see someone say that I see someone else say that doesn't work.
So my question is what DOES work?
And
Those of you who have turned off access to cgi folder, have you had many complaints from customers?
Thanks
0utlier
06-16-2003, 12:06 PM
If you have cpanel and are trying to disable the shared formmail scripts in the cgi-sys directory then do this... this works.
chmod 000 all the formmail scripts (I think there are 4 or 5)
chattr +i all the formmail scripts
If you don't chattr +i then when cpanel does its upcp it will change the permissions back to executable. If, for some reason, you need to get back control of the formmail scripts run the command
chattr -i formmail scripts
Hope that helps.
TopHostSupport
06-16-2003, 12:18 PM
thanks 0utlier...Could you be a little more newbie friendly and show the exact paths and commands. I'm sorry but still learning. And yes it is cpanel.
Thanks again.
bitserve
06-16-2003, 01:23 PM
I was thinking about creating a group for our sendmail binary, and only people in that group would be able to execute it. Then you have to approve their script before you put them in the group. But then, they could always upload additional scripts or rewrite the ones they already have.
So I was thinking of a wrapper for the sendmail binary that checks the ownership of the script calling it. And you could make the script owned by a specific group and only writable and executable by that group, after approving the script. But that seems to have many problems and requires us approving people's scripts, and doesn't address PHP's or JAVA's mail functions, or SMTP.
So I gave up. I checked everyone's scripts once and removed all the insecure ones and notified the user. And then mailed everyone saying that we charge huge clean up fees for those who have insecure mail scripts that are exploited to send spam. And added it to the user agreement.
If anyone has a good technical means for controlling this, I'd also like to hear it.
0utlier
06-16-2003, 02:00 PM
eMax...
Log in via ssh
In the root shell type this:
--------------------------------
locate formmail.pl
-------------------------------
Find where the cgi-sys directory is... I can't remember off the top of my head and I can't log in where I am right now.
-------------------------------
cd /usr/local/apache/cpanel/cgi-sys <--- that may not be correct. The locate command will tell you where the cgi-sys directory is then cd to that directory
-------------------------------
chmod the formmail scripts in the cgi-sys directory (There are like 5 or 6 I believe)
-------------------------------
chmod 000 formmail.pl
chmod 000 formmail.cgi
-------------------------------
Now change the attributes of the formmail scripts so the scripts aren't updated when upcp runs (there are of course 5 or 6 formmail scripts)
------------------------------
chattr +i formmail.pl
chattr +i formmail.cgi
-----------------------------
That should do it... Have fun.
TopHostSupport
06-16-2003, 02:19 PM
thanks for that walk through......This is what I did.....
[/usr/local/cpanel/cgi-sys]# chmod 000 formmail.pl
[/usr/local/cpanel/cgi-sys]# chmod 000 FormMail.pl
[/usr/local/cpanel/cgi-sys]# chmod 000 FormMail-clone.cgi
[/usr/local/cpanel/cgi-sys]# chmod 000 FormMail.cgi
[/usr/local/cpanel/cgi-sys]# chmod 000 formmail.cgi
[/usr/local/cpanel/cgi-sys]# chattr +i formmail.pl
[/usr/local/cpanel/cgi-sys]# chattr +i FormMail.pl
[/usr/local/cpanel/cgi-sys]# chattr +i FormMail-clone.cgi
[/usr/local/cpanel/cgi-sys]# chattr +i FormMail.cgi
[/usr/local/cpanel/cgi-sys]# chattr +i formmail.cgi
Any of these other types of script used for sending out spam that you may or anyone else may know of?
entropybanner.cgi*
helpdesk.cgi*
entropybanner.cgi-wrap*
mchat.cgi*
addalink.cgi*
entropysearch.cgi*
randhtml.cgi*
cgiecho*
randhtml.cgi-wrap*
cgiemail*
realhelpdesk.cgi*
Count.cgi*
realsignup.cgi*
countedit.cgi*
scgiwrap*
signup.cgi*
domainredirect.cgi*
guestbook.cgi*
and about my other question above..........
Those of you who have turned off access to cgi folder, have you had many complaints from customers?
Thanks again!
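An added example, not written by any poster in this thread: a read-only audit to confirm that the chmod 000 and chattr +i steps above took effect and are still in place after upcp runs. It assumes GNU find and stat plus lsattr, takes the cgi-sys directory as its argument, and the function names are hypothetical.

```bash
#!/bin/bash
# Added example (not from the thread): audit a cgi-sys directory for
# FormMail variants and report whether each is disabled and locked.
# Assumptions: GNU find/stat, lsattr from e2fsprogs; names are hypothetical.

# Print one line per FormMail-like file:
#   <name> mode=<octal> immutable=<yes|no|unknown>
audit_formmail() (
    dir="$1"
    # -iname matches formmail.pl, FormMail.pl, FormMail-clone.cgi, etc.
    find "$dir" -maxdepth 1 -type f -iname 'formmail*' | sort |
    while read -r f; do
        mode=$(stat -c '%a' "$f")          # "0" means chmod 000 is in place
        # lsattr fails on filesystems without ext-style attributes
        if attrs=$(lsattr -d "$f" 2>/dev/null); then
            case "${attrs%% *}" in
                *i*) imm=yes ;;             # chattr +i is set
                *)   imm=no  ;;             # upcp could reset the mode
            esac
        else
            imm=unknown
        fi
        printf '%s mode=%s immutable=%s\n' "$(basename "$f")" "$mode" "$imm"
    done
)

# Print how many FormMail-like files still have any permission bit set.
count_not_disabled() {
    audit_formmail "$1" | awk '!/ mode=0 /{n++} END{print n+0}'
}

# Stand-alone use: ./audit.sh /usr/local/cpanel/cgi-sys
if [ -n "${1:-}" ]; then
    audit_formmail "$1"
    echo "still enabled: $(count_not_disabled "$1")"
fi
```

A file reported as mode=0 with immutable=no is disabled now but, per the earlier reply, would have its permissions restored the next time upcp runs.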
TopHostSupport
06-16-2003, 02:30 PM
BTW for cpanel users, is this good to have checked?
Prevent the user 'nobody' from sending out mail to remote addresses (php and cgi scripts generally run as nobody if you are not using phpsuexec and suexec respectively.)
or would that interfere with forums?