Results 1 to 8 of 8
  1. #1

    Found an alternate to matt wrights formmail

    that actually does some good. It will send off a email to the abusers isp if they are attempting to exploit 1.6+ of mw's formmail

    The problem is, im having problems with the global setup, i want to set it so it looks like

    # Global Alias for entire server
    Alias /cgi-bin/ /home/mypath/www/formmail/formmail.php
    Alias /cgi-bin/formmail.cgi /home/mypath/www/formmail/formmail.php
    Alias /cgi-bin/FormMail.cgi /home/mypath/www/formmail/formmail.php
    Alias /cgi-bin/ /home/mypath/www/formmail/formmail.php

    But when i try it, nothing happens, Anyone got any suggestions? if this can be setup, its a great idea, yah i know formmail is also at cgi-sys but theres no way to force my customers to use it. so the next ideal step is to just cut them off at the server level so if they are still using formmail in their cgi-bin, they would unknowingly be using our formmail

  2. #2
    PS: i can get it to work say if i setup something like

    Alias /cgi-bina/formmail.cgi /home/directory/www/formmail/formmail.php

    but not cgi-bin

  3. #3
    Join Date
    Apr 2002
    Do you still have the ScriptAlias lines for the domain's cgi-bin? You might try commenting that line out, and see if that fixes it.

  4. #4
    Join Date
    Jul 2001
    Toronto, ON.
    btw, the following is supposed to be a much more secure form mailer. it might be worth checking out.

  5. #5
    The point im making the formmail above, is its in fact both secure & it acts as a spam complaint system, anyone who tries to exploit the bug in 1.6 will have their ISP notified.

  6. #6
    when i remove the scriptalias and restart apache, all i get is a 404 for any existing script and the new alias

  7. #7
    Join Date
    Jul 2002
    Hello Gary,

    did you get this to work globally on the server, if you were successful, could you give us an "How - To" on it .


  8. #8
    Join Date
    Oct 2002
    State of Disbelief
    Hmm...I think I'll look into using this too. I'd rather they stopped trying and get busted than go where I send them. I redirect requests for this to
    Seemed like a good idea at the time...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts