Insecure FormMail.pl, need a form script

  #1  
Old 01-01-2008, 12:29 PM
tormeu tormeu is offline
Junior Guru Wannabe
 
Join Date: Feb 2006
Posts: 65
I'm using Matt Wright's FormMail.pl CGI script, but it is an insecure contact form:

http://www.monkeys.com/formmailer/about.html

Quote:
both old versions and even the latest version of the FormMail.pl script are a very bad thing to have installed anywhere on any of your web servers.
Need to switch to a better solution, please need some advice...

  #2  
Old 01-01-2008, 12:35 PM
bear bear is offline
Community Leader
 
Join Date: Oct 2002
Location: Mayberry
Posts: 19,500
Here's a nice one: http://www.dagondesign.com/articles/...mailer-script/

Takes a little playing with to configure, but it's darn good.

__________________
Having problems, or maybe questions about WHT? Head over to the help desk!



  #3  
Old 01-01-2008, 12:42 PM
tormeu tormeu is offline
Junior Guru Wannabe
 
Join Date: Feb 2006
Posts: 65
Quote:
Originally Posted by bear View Post
Here's a nice one: http://www.dagondesign.com/articles/...mailer-script/

Takes a little playing with to configure, but it's darn good.
Thanks, looking into it right now... I notice a lot of features...

  #4  
Old 01-01-2008, 05:22 PM
foobic foobic is online now
Community Liaison 2.0
 
Join Date: Feb 2005
Location: Australia
Posts: 5,750
If you'd prefer a direct replacement for Matt's formmail, the nms version is secure and well-written.

__________________
Chris

"Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  #5  
Old 01-01-2008, 06:57 PM
Steve_Arm Steve_Arm is offline
Community Guide
 
Join Date: Jan 2006
Location: Athens, Greece
Posts: 1,479
I have heard many times of the exploits on this form. Shouldn't that guy call it quits with MailForm? Anyway

  #6  
Old 01-01-2008, 07:15 PM
foobic foobic is online now
Community Liaison 2.0
 
Join Date: Feb 2005
Location: Australia
Posts: 5,750
Matt did stop developing these scripts some years back, and now recommends the nms versions. I think the problem is that they were so popular in their day that there are still many old ones floating around...

  #7  
Old 01-01-2008, 08:00 PM
tormeu tormeu is offline
Junior Guru Wannabe
 
Join Date: Feb 2006
Posts: 65
I'm using NMS FormMail Version 3.11c1 in all my forms....

Quote:
Description: someone is sending messages to my cell from an account anabelle@xxxx.com please do not send anything to my cell because I'm being charged for those messages.
I received this notification early today, and I'm trying to figure out what kind of exploit it is.
I checked the NMS form, which may be the cause. I still do not have a header of a spam email. As a first step, I disabled the forms while gathering clues.

Advice is always appreciated

  #8  
Old 01-01-2008, 08:11 PM
bear bear is offline
Community Leader
 
Join Date: Oct 2002
Location: Mayberry
Posts: 19,500
It's impossible to tell if the spam originated from that form script without seeing the headers. More likely someone is faking the origin of the messages instead.

I'd used the NMS version until fairly recently when a few sites were being spammed mercilessly by someone (or more than one) that had been submitting automatically to it. Sure, it wasn't sending out to anyone but the hard coded recipients....but they were getting harassed daily by it. Switched to PHP, and captcha, no more issue.

  #9  
Old 01-01-2008, 08:14 PM
foobic foobic is online now
Community Liaison 2.0
 
Join Date: Feb 2005
Location: Australia
Posts: 5,750
Spammers almost invariably spoof the sender - you need the messages before concluding anything. If they are coming from your formmail program, check the config - it should only send to addresses explicitly allowed there.

Edit:
Quote:
I'd used the NMS version until fairly recently when a few sites were being spammed mercilessly by someone (or more than one) that had been submitting automatically to it. Sure, it wasn't sending out to anyone but the hard coded recipients....but they were getting harassed daily by it.
Me too, but I added a captcha to nms formmail.

  #10  
Old 01-02-2008, 09:29 PM
Froweey Froweey is offline
Newbie
 
Join Date: Jan 2008
Posts: 5
<<why not>> make your own..<<snipped>>
This is simple: make an HTML form with the GET or POST method, and set it to sendmail.php (or whatever you name your PHP file), and then make a PHP page to validate the inputs and send the email, EZ PZ stuff.

GG


Last edited by bear; 01-02-2008 at 09:37 PM.
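
An added example, not written by any poster in this thread and not code from FormMail or nms: a minimal `sendmail.php` of the kind post #10 describes, with mail restricted to explicitly allowed recipients as post #9 advises. The field names, addresses and length limits are assumptions, and passing headers to `mail()` as an array needs PHP 7.2 or later.

```php
<?php
// Added example: field names, addresses and limits are placeholders.

// The form sends a key; the address itself never comes from the request.
const RECIPIENTS = [
    'sales'   => 'sales@example.com',
    'support' => 'support@example.com',
];

// Return a trimmed string field, or '' if it is missing or not a string.
function field(array $post, string $name): string
{
    $value = $post[$name] ?? '';
    return is_string($value) ? trim($value) : '';
}

// Validate one submission; returns [to, subject, body, headers] or throws.
function build_message(array $post): array
{
    $key     = field($post, 'recipient');
    $email   = field($post, 'email');
    $subject = field($post, 'subject');
    $body    = field($post, 'message');
    if (!array_key_exists($key, RECIPIENTS)) {
        throw new InvalidArgumentException('unknown recipient');
    }
    // CR, LF or NUL inside a header value could add extra mail headers.
    if (preg_match('/[\r\n\0]/', $email . $subject) === 1) {
        throw new InvalidArgumentException('line break in header field');
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid sender address');
    }
    if ($subject === '' || strlen($subject) > 150 || $body === '' || strlen($body) > 10000) {
        throw new InvalidArgumentException('bad subject or message length');
    }
    // Fixed From; the visitor's address is used only as Reply-To.
    $headers = ['From' => 'webform@example.com', 'Reply-To' => $email];
    return [RECIPIENTS[$key], $subject, $body, $headers];
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        [$to, $subject, $body, $headers] = build_message($_POST);
        mail($to, $subject, $body, $headers);
        echo 'Message sent.';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo 'Submission rejected.';
    }
}
```

This limits where mail can go and what reaches the headers; it does not stop automated submissions to the fixed recipients, which posts #8 and #9 dealt with by adding a captcha.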