Results 1 to 10 of 10
-
01-01-2008, 12:29 PM #1Junior Guru Wannabe
- Join Date
- Feb 2006
- Posts
- 66
Insecure FormMail.pl, need a form script
I'm using Matt Wright's FormMail.pl CGI script but it is insecure contact form:
http://www.monkeys.com/formmailer/about.html
both old versions and even the latest version of the FormMail.pl script are a very bad thing to have installed anywhere on any of your web servers.
-
01-01-2008, 12:35 PM #2
Here's a nice one: http://www.dagondesign.com/articles/...mailer-script/
Takes a little playing with to configure, but it's darn good.Your one stop shop for decentralization
-
01-01-2008, 12:42 PM #3Junior Guru Wannabe
- Join Date
- Feb 2006
- Posts
- 66
-
01-01-2008, 05:22 PM #4Retired Moderator
- Join Date
- Feb 2005
- Location
- Australia
- Posts
- 5,849
If you'd prefer a direct replacement for Matt's formmail, the nms version is secure and well-written.
Chris
"Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter
-
01-01-2008, 06:57 PM #5Web Hosting Master
- Join Date
- Jan 2006
- Location
- Athens, Greece
- Posts
- 1,481
I have heard many times for the exploits on this form. Shouldn't that guy call it a quit with MailForm? anyway
-
01-01-2008, 07:15 PM #6Retired Moderator
- Join Date
- Feb 2005
- Location
- Australia
- Posts
- 5,849
Matt did stop developing these scripts some years back, and now recommends the nms versions. I think the problem is that they were so popular in their day that there are still many old ones floating around...
Chris
"Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter
-
01-01-2008, 08:00 PM #7Junior Guru Wannabe
- Join Date
- Feb 2006
- Posts
- 66
I'm using NMS FormMail Version 3.11c1 in all my forms....
Description: someoen is sending messages to my cell from an account anabelle@xxxx.com please do not send anything to my cell because I'm being cherged for those messages.
I checked the form NMS what maybe it is the cause. Still do not have a header of a spam email. First step I disabled the forms while gathering for clues.
Advice always is appreciated
-
01-01-2008, 08:11 PM #8
It's impossible to tell if the spam originated from that form script without seeing the headers. More likely someone is faking the origin of the messages instead.
I'd used the NMS version until fairly recently when a few sites were being spammed mercilessly by someone (or more than one) that had been submitting automatically to it. Sure, it wasn't sending out to anyone but the hard coded recipients....but they were getting harassed daily by it. Switched to PHP, and captcha, no more issue.Your one stop shop for decentralization
-
01-01-2008, 08:14 PM #9Retired Moderator
- Join Date
- Feb 2005
- Location
- Australia
- Posts
- 5,849
Spammers almost invariably spoof the sender - you need the messages before concluding anything. If they are coming from your formmail program, check the config - it should only send to addresses explicitly allowed there.
Edit:
I'd used the NMS version until fairly recently when a few sites were being spammed mercilessly by someone (or more than one) that had been submitting automatically to it. Sure, it wasn't sending out to anyone but the hard coded recipients....but they were getting harassed daily by it.Chris
"Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter
-
01-02-2008, 09:29 PM #10Newbie
- Join Date
- Jan 2008
- Posts
- 6
<<why not>> make your own..<<snipped>>
This is simple make a html form with the get or post method, and make set it to sendmail.php(or whatever you name your php file), and then make a php page to validate the input's and send the email, EZ PZ stuff.
GGLast edited by bear; 01-02-2008 at 09:37 PM.