
01-01-2008, 12:29 PM
Junior Guru Wannabe
Join Date: Feb 2006
Posts: 62
Insecure FormMail.pl, need a form script
I'm using Matt Wright's FormMail.pl CGI script, but it is an insecure contact form:
http://www.monkeys.com/formmailer/about.html
Quote:
|
both old versions and even the latest version of the FormMail.pl script are a very bad thing to have installed anywhere on any of your web servers.
|
Need to switch to a better solution, please need some advice...

01-01-2008, 12:35 PM
Community Leader
Join Date: Oct 2002
Location: cognito
Posts: 17,308
Here's a nice one: http://www.dagondesign.com/articles/...mailer-script/
Takes a little playing with to configure, but it's darn good.
__________________
Have problems (don't we all)? Head over to the help desk
If at first you don't succeed, that's one data point.

01-01-2008, 12:42 PM
Junior Guru Wannabe
Join Date: Feb 2006
Posts: 62
Quote:
Originally Posted by bear
|
Thanks, looking into it right now... I notice a lot of features...

01-01-2008, 05:22 PM
Community Liaison 2.0
Join Date: Feb 2005
Location: Australia
Posts: 5,109
If you'd prefer a direct replacement for Matt's formmail, the nms version is secure and well-written.
__________________
Chris
"Learn from the mistakes of others. You can never live long enough to make them all yourself." - Groucho Marx

01-01-2008, 06:57 PM
Community Guide
Join Date: Jan 2006
Location: Athens, Greece
Posts: 1,479
I have heard many times about the exploits on this form. Shouldn't that guy call it quits with MailForm? Anyway

01-01-2008, 07:15 PM
Community Liaison 2.0
Join Date: Feb 2005
Location: Australia
Posts: 5,109
Matt did stop developing these scripts some years back, and now recommends the nms versions. I think the problem is that they were so popular in their day that there are still many old ones floating around...
__________________
Chris
"Learn from the mistakes of others. You can never live long enough to make them all yourself." - Groucho Marx

01-01-2008, 08:00 PM
Junior Guru Wannabe
Join Date: Feb 2006
Posts: 62
I'm using NMS FormMail Version 3.11c1 in all my forms....
Quote:
|
Description: someone is sending messages to my cell from an account anabelle@xxxx.com please do not send anything to my cell because I'm being charged for those messages.
|
I received this notification early today; I'm trying to figure out what kind of exploit it is.
I checked the NMS form, which may be the cause. I still do not have a header of a spam email. As a first step I disabled the forms while gathering clues.
Advice always is appreciated

01-01-2008, 08:11 PM
Community Leader
Join Date: Oct 2002
Location: cognito
Posts: 17,308
It's impossible to tell if the spam originated from that form script without seeing the headers. More likely someone is faking the origin of the messages instead.
I'd used the NMS version until fairly recently when a few sites were being spammed mercilessly by someone (or more than one) that had been submitting automatically to it. Sure, it wasn't sending out to anyone but the hard coded recipients....but they were getting harassed daily by it. Switched to PHP, and captcha, no more issue.
__________________
Have problems (don't we all)? Head over to the help desk
If at first you don't succeed, that's one data point.

01-01-2008, 08:14 PM
Community Liaison 2.0
Join Date: Feb 2005
Location: Australia
Posts: 5,109
Spammers almost invariably spoof the sender - you need the messages before concluding anything. If they are coming from your formmail program, check the config - it should only send to addresses explicitly allowed there.
Edit:
Quote:
|
I'd used the NMS version until fairly recently when a few sites were being spammed mercilessly by someone (or more than one) that had been submitting automatically to it. Sure, it wasn't sending out to anyone but the hard coded recipients....but they were getting harassed daily by it.
|
Me too, but I added a captcha to nms formmail.
__________________
Chris
"Learn from the mistakes of others. You can never live long enough to make them all yourself." - Groucho Marx

01-02-2008, 09:29 PM
Newbie
Join Date: Jan 2008
Posts: 5
<<why not>> make your own..<<snipped>>
This is simple: make an HTML form with the GET or POST method, and set it to sendmail.php (or whatever you name your PHP file), and then make a PHP page to validate the inputs and send the email, EZ PZ stuff.
GG
Last edited by bear; 01-02-2008 at 09:37 PM.
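
The approach discussed in the replies above (validate the inputs, and send only to addresses fixed in the configuration), shown as an added example; it is not code posted by anyone in the thread. The file name follows the last post, while the addresses, field names and size limit are assumptions.

```php
<?php
// Added example: a hypothetical sendmail.php. Addresses, field names and limits are assumptions.
// Recipients live on the server and are picked by key; the form never supplies an address.
const RECIPIENTS = ['sales' => 'sales@example.com', 'support' => 'support@example.com'];

function field(array $post, string $name): string
{
    $v = $post[$name] ?? '';
    return is_string($v) ? $v : '';   // array input (name[]=...) is treated as empty
}

function build_message(array $post): array
{
    $errors  = [];
    $to      = RECIPIENTS[field($post, 'dept')] ?? null;
    $email   = field($post, 'email');
    $subject = field($post, 'subject');
    $body    = field($post, 'message');
    if ($to === null) {
        $errors[] = 'unknown recipient key';
    }
    // Anything copied into a mail header must not contain CR or LF.
    foreach (['email' => $email, 'subject' => $subject] as $name => $value) {
        if (preg_match('/[\r\n]/', $value)) {
            $errors[] = "$name contains a line break";
        }
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid sender address';
    }
    if ($body === '' || strlen($body) > 5000) {   // assumed size limit
        $errors[] = 'message empty or too long';
    }
    // From is fixed; the visitor's validated address only goes into Reply-To.
    $headers = "From: webform@example.com\r\nReply-To: $email";
    return compact('errors', 'to', 'subject', 'body', 'headers');
}

// Constructed inputs: a normal submission, a line break in a header field, an unlisted recipient.
$samples = [
    ['dept' => 'support', 'email' => 'visitor@example.org', 'subject' => 'Hello', 'message' => 'Question about my account.'],
    ['dept' => 'support', 'email' => "visitor@example.org\r\nX-Test: 1", 'subject' => 'Hi', 'message' => 'x'],
    ['dept' => 'someone@example.net', 'email' => 'visitor@example.org', 'subject' => 'Hi', 'message' => 'x'],
];
foreach ($samples as $post) {
    $r = build_message($post);
    // A live handler would call mail($r['to'], $r['subject'], $r['body'], $r['headers']) only when $r['errors'] is empty.
    echo $r['errors'] ? 'rejected: ' . implode('; ', $r['errors']) : 'ok -> ' . $r['to'], "\n";
}
```

This covers the relay side only; automated submissions to the fixed recipients, which the thread handled with a captcha, need a separate control.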