Results 1 to 8 of 8
  1. #1

    Found an alternate to matt wrights formmail

    that actually does some good. It will send off a email to the abusers isp if they are attempting to exploit 1.6+ of mw's formmail

    http://www.home-port.net/formmail/

    The problem is, im having problems with the global setup, i want to set it so it looks like


    # Global Alias for entire server
    Alias /cgi-bin/formmail.pl /home/mypath/www/formmail/formmail.php
    Alias /cgi-bin/formmail.cgi /home/mypath/www/formmail/formmail.php
    Alias /cgi-bin/FormMail.cgi /home/mypath/www/formmail/formmail.php
    Alias /cgi-bin/FormMail.pl /home/mypath/www/formmail/formmail.php

    But when i try it, nothing happens, Anyone got any suggestions? if this can be setup, its a great idea, yah i know formmail is also at cgi-sys but theres no way to force my customers to use it. so the next ideal step is to just cut them off at the server level so if they are still using formmail in their cgi-bin, they would unknowingly be using our formmail

  2. #2
    PS: i can get it to work say if i setup something like

    Alias /cgi-bina/formmail.cgi /home/directory/www/formmail/formmail.php

    but not cgi-bin

  3. #3
    Join Date
    Apr 2002
    Posts
    930
    Do you still have the ScriptAlias lines for the domain's cgi-bin? You might try commenting that line out, and see if that fixes it.

  4. #4
    Join Date
    Jul 2001
    Location
    Toronto, ON.
    Posts
    312
    btw, the following is supposed to be a much more secure form mailer. it might be worth checking out.

    http://nms-cgi.sourceforge.net/

  5. #5
    The point im making the formmail above, is its in fact both secure & it acts as a spam complaint system, anyone who tries to exploit the bug in 1.6 will have their ISP notified.

  6. #6
    when i remove the scriptalias and restart apache, all i get is a 404 for any existing script and the new alias

  7. #7
    Join Date
    Jul 2002
    Posts
    311
    Hello Gary,

    did you get this to work globally on the server, if you were successful, could you give us an "How - To" on it .

    Regards/-

  8. #8
    Join Date
    Oct 2002
    Location
    State of Disbelief
    Posts
    22,953
    Hmm...I think I'll look into using this too. I'd rather they stopped trying and get busted than go where I send them. I redirect requests for this to pr0n.com.
    Seemed like a good idea at the time...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •