[plug] Help with spam

markn at enspace.com markn at enspace.com
Fri Jul 27 13:40:22 WST 2001


Have a look at FormMail.pl and spam on google,

eg: 

http://www.securiteam.com/securitynews/Formmail_pl_Can_Be_Used_As_An_Open_Mail_Relay.html



I personally would just turn it off, but it depends on what it is being used
for. If its for emailing a helpdesk just hardcode the recipient. Or i prefer
to simply write the details to a db, or even to a file and send a regular mail
to the helpdesk saying you have 37 Urgent Messages, and 12345 non Urgent Messages
recieved in the last 30 minutes.

If you are using FormMail for your users to mail whomever they like, you should
use some sort of authorisation / authentication (Apache has many many modules
for this). Though maybe you should have a look around at other packages that
allow your users to access their email remotely. (Have a look at freshmeat for
web and mail).


But if you intended FormMail.pl to be available for the public to mail whoever
they feel like, thats what you've got :)

mn






>Hi guys again,
>
>Suspected that this was a FormMail problem....so looked into the Apache
>logs and found this:
>
>aca2b934.ipt.aol.com - - [27/Jul/2001:00:55:57 +0800] "GET
>/cgi-bin/FormMail.pl?recipient=IAmThAOnE14 at aol.com,Ramblin725 at aol.com,Shorty

>1271 at aol.com,BabybluesJL at aol.com,FFCraig441 at aol.com,MahLei at aol.com,Wardpmks@

>aol.com,Dinolawinter at aol.com,Gratefulrdog at aol.com,Mike4ya at aol.com,ToneKapone

>21 at aol.com,ChrisZ1217 at aol.com,Hap4u4evr at aol.com,NghtMyst00 at aol.com,WATTmstr@

>aol.com,Balich at aol.com,Fphibbs10 at aol.com,Princess22522 at aol.com,Snowboardstud

>@aol.com,Dsoccerchick15 at aol.com,&email=dfybfnbaid at aol.com&subject=The+Pictur

>e+Database+++++++++gklp&=Quality+pics+%3CA+HREF%3D%22aol%3A%2F%2F1223%3A2626

>0%2Fhttp%3A%2F%2Fpicturedatabase.persik.ru%22%3Ehere%3C%2Fa%3E+at+the+pictur

>e+database<br><br>1956 HTTP/1.1" 200 1099 Mozilla/4.0 (compatible; MSIE 5.5;

>Windows 98; Win 9x 4.90)
>
>So we've been getting "SpamCop" messages from AOL even though the
>bad guys are from aol. I haven't worked that much with Apache so could
>anyone tell me how I could prevent this....either in the httpd.conf file or

>the
>FormMail.pl file?
>
>Cheers,
>Evan
>
>----- Original Message -----
>From: "Anthony J. Breeds-Taurima" <tony at cantech.net.au>
>To: <plug at plug.linux.org.au>
>Sent: Wednesday, July 25, 2001 9:05 AM
>Subject: Re: [plug] Help with spam
>
>
>> On Tue, 24 Jul 2001, Evan Lau wrote:
>>
>> > There are plenty more examples of this. Of course, we don't want this to

>> > continue as we don't want to end up on the "blacklist" of the Internet.

>> >
>> > The problem is I don't get what "from=www" means, along with the part
>> > that says relay=www at localhost. If anyone could help out with that please

>> > do :) I guess the more important issue is how do we stop this. I have
>tried
>> > the "access" file of sendmail, but doesn't quite seem to work.
>>
>>
>> Is it possible that you have a form to email script on this host.  If so
i
>may
>> be accepting email from anywhere.
>>
>>
>> Yours Tony.
>>
>> /*
>>  * "The significant problems we face cannot be solved at the
>>  * same level of thinking we were at when we created them."
>>  * --Albert Einstein
>>  */
>>
>>
>
>
>
>




More information about the plug mailing list