[plug] Help with spam

[Anthony J. Breeds-Taurima]

On Fri, 27 Jul 2001, Evan Lau wrote:

> Hi guys again,
>
> Suspected that this was a FormMail problem....so looked into the Apache
> logs and found this:
>
> aca2b934.ipt.aol.com - - [27/Jul/2001:00:55:57 +0800] "GET
> /cgi-bin/FormMail.pl?recipient=IAmThAOnE14 at aol.com,Ramblin725 at aol.com,Shorty
> 1271 at aol.com,BabybluesJL at aol.com,FFCraig441 at aol.com,MahLei at aol.com,Wardpmks@
> aol.com,Dinolawinter at aol.com,Gratefulrdog at aol.com,Mike4ya at aol.com,ToneKapone
> 21 at aol.com,ChrisZ1217 at aol.com,Hap4u4evr at aol.com,NghtMyst00 at aol.com,WATTmstr@
> aol.com,Balich at aol.com,Fphibbs10 at aol.com,Princess22522 at aol.com,Snowboardstud
> @aol.com,Dsoccerchick15 at aol.com,&email=dfybfnbaid at aol.com&subject=The+Pictur
> e+Database+++++++++gklp&=Quality+pics+%3CA+HREF%3D%22aol%3A%2F%2F1223%3A2626
> 0%2Fhttp%3A%2F%2Fpicturedatabase.persik.ru%22%3Ehere%3C%2Fa%3E+at+the+pictur
> e+database<br><br>1956 HTTP/1.1" 200 1099 Mozilla/4.0 (compatible; MSIE 5.5;
> Windows 98; Win 9x 4.90)
>
> So we've been getting "SpamCop" messages from AOL even though the
> bad guys are from aol. I haven't worked that much with Apache so could
> anyone tell me how I could prevent this....either in the httpd.conf file or
> the
> FormMail.pl file?

In FormMail.pl

--------
##############################################################################
# FormMail                        Version 1.6                                #
# Copyright 1995-1997 Matt Wright mattw at worldwidemart.com                    #
# Created 06/09/95                Last Modified 05/02/97                     #
# Matt's Script Archive, Inc.:    http://www.worldwidemart.com/scripts/      #
##############################################################################
<snip>
# @referers allows forms to be located only on servers which are defined     #
# in this field.  This security fix from the last version which allowed      #
# anyone on any server to use your FormMail script on their web site.        #

@referers = ('domain1.net.au','domain2.com','203.26.6.29','203.26.6.1');
--------
Like Matt said Refferer is easily forged BUT setting it does tend to slow
people down.  I was hit (will tested) by these same people about 2 months
back.

They went away quickish.


Yours Tony.

/*
 * "The significant problems we face cannot be solved at the
 * same level of thinking we were at when we created them."
 * --Albert Einstein
 */