
Re: [cobalt-users] don't touch formMail.pl - was Universal CGI-BIN Problem



> Are you referring to Matt's Script Archive FormMail.pl?  ie, the v1.6
> formMail?  If so, I suggest you remove it now you have advertised the fact
> that you have it....  it's a SERIOUSLY flawed script

I highly agree. Most users can't get it to work without commenting out the
referrer-checking code, and once they do that, your machine is an open spam
server.
I recommend to all of my users that they *not* use FormMail - but after some
heavy thinking, I'm going to completely ban usage of it.
Anyone have a cron script handy that will do a locate for formmail.pl (in
all case-sensitive possibilities) and delete all copies that it finds?

> see this:
>
> http://www.securiteam.com/exploits/FormMail_discloses_environment_variables_information.html

I couldn't get this URL to work but I did back it up to the /exploits and
was presented with a list of hacks and exploits that frankly just makes me
want to shut down the server and close up shop. Egads, batman.
And the bad thing is, they put up the exploit in full source - a hacker's
dream come true. Would it not be sufficient to say that the exploit does
this or that by exploiting this or that vulnerability, and not give away the
actual exploit? IMHO, this site does more to promote hacking and exploiting
than it does to promote securing your server/site. Full posting of the
source exploits is nothing less than irresponsible.

Carrie
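The cron job asked for above, written out as an added example; it is not code from the original post or from the list's own tooling. It finds every copy of formmail.pl under a web root whatever its capitalisation (find's -iname does the case-folding, so no list of spellings is needed), optionally also flags renamed copies by the "# FormMail" header that Matt's script carries, and removes them only when explicitly told to, so a first run can be a dry run. The search root /home/sites, the script and log paths in the cron line, and the header-grep heuristic for renamed copies are assumptions to adjust for your own layout.

```shell
#!/bin/sh
# Added example, not part of the original post. Locate and remove every copy of
# FormMail under a web root, regardless of filename case. Assumptions: the web
# root (/home/sites), the install/log paths in the cron line below, and the
# "# FormMail" header heuristic used to spot renamed copies.
#
# Suggested crontab entry (paths assumed), dry run first, then switch to delete:
#   0 3 * * * /usr/local/sbin/purge-formmail.sh /home/sites delete >> /var/log/purge-formmail.log 2>&1

# Print every file named formmail.pl or formmail.cgi under $1.
# -iname matches case-insensitively, so FormMail.pl, FORMMAIL.PL, formmail.PL
# and every other capitalisation are covered by the one pattern.
find_formmail() {
    find "$1" -type f \( -iname 'formmail.pl' -o -iname 'formmail.cgi' \) 2>/dev/null
}

# Also catch copies a user renamed (e.g. contact.cgi): any .pl or .cgi file
# whose comment header still names FormMail. This is a heuristic (assumption),
# so review hits from a dry run before enabling deletion.
find_renamed_formmail() {
    find "$1" -type f \( -iname '*.pl' -o -iname '*.cgi' \) 2>/dev/null |
        while IFS= read -r f; do
            if grep -qi '^# *FormMail' "$f" 2>/dev/null; then
                printf '%s\n' "$f"
            fi
        done
    return 0
}

# Report, and if $2 is "delete" remove, every copy found under $1.
# Prints one line per file ("found: ..." or "removed: ...") so the cron log
# records exactly what was touched. Default mode is a dry run.
purge_formmail() {
    root=$1
    mode=${2:-dryrun}
    tmp=$(mktemp) || return 1
    # Merge both detectors and de-duplicate: a file can match by name and header.
    { find_formmail "$root"; find_renamed_formmail "$root"; } | sort -u > "$tmp"
    while IFS= read -r f; do
        if [ "$mode" = delete ]; then
            if rm -f -- "$f"; then
                echo "removed: $f"
            else
                echo "FAILED to remove: $f"
            fi
        else
            echo "found: $f"
        fi
    done < "$tmp"
    rm -f "$tmp"
    return 0
}

# Only run when executed directly with a root argument, so the functions can
# also be sourced for testing without touching anything.
if [ -n "$1" ] && [ "${PURGE_FORMMAIL_SOURCED:-0}" = 0 ]; then
    purge_formmail "$1" "$2"
fi
```

Run it once without the "delete" argument and read the log before scheduling it: the header check deliberately errs on the side of listing more, and a user who wrapped FormMail in their own script will show up there too.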