Re: [cobalt-users] Fix for spammers and forms



On Thu, 19 Jul 2001, Charlie H. wrote:

> I just wanted to let everyone know, that if they are running Matt's FormMail
> script, that it is very easy for someone to use it for a spamming campaign.
> We had this happen to a number of sites we host. The referrer check is very
> easily bypassed, and I came across a patched version that appears to have
> stopped this activity for now.
> 
> You can read about this hack and find the url for the fix at the bottom of
> this page http://oliver.efri.hr/~crv/security/bugs/Others/fmail2.html .
> 
> Best Wishes,
> Charlie

I have something better, which is, I think, proof for such things.

The script is installed somewhere on your server, and all the sites can
use it. You define each site with its own "key", to say, and according to
the value of the key in the form being submitted, the script sends all the
form's details to an email address that is defined in the special area for
that in the script.

Since no E-Mail address is ever given to the processing perl script via a
form, I don't think this is bypassable.

If anyone's interested, please let me know :-0

- shimi.
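
The design described in the message above, as an added example (not shimi's script, and written in Python rather than Perl): the form carries only a site key, and the recipient is looked up in a table that lives on the server. The table contents, the sender address and the field names are constructed for illustration.

```python
from email.message import EmailMessage

# Constructed sample table: site key -> recipient. It exists only on the
# server, so a submitted form can select an entry but never supply an address.
SITE_RECIPIENTS = {
    "site-a": "webmaster@site-a.example",
    "site-b": "sales@site-b.example",
}
SENDER = "forms@hosting.example"  # assumed fixed sender for all sites


class UnknownSiteKey(Exception):
    """The submitted key is not present in the server-side table."""


def build_message(form):
    """Build the outgoing mail; every header comes from server-side data."""
    key = form.get("key", "")
    recipient = SITE_RECIPIENTS.get(key)
    if recipient is None:
        # Refuse instead of falling back to a default or to a form field.
        raise UnknownSiteKey(repr(key))

    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = recipient
    # The key matched a table entry exactly, so it is safe to put in a header.
    msg["Subject"] = "Form submission for " + key
    # Submitted values (including any "recipient" field a client adds)
    # are written to the body only and never reach the headers.
    body = [f"{name}: {value}" for name, value in sorted(form.items())
            if name != "key"]
    msg.set_content("\n".join(body) + "\n")
    return msg


if __name__ == "__main__":
    # Constructed submission that tries to name its own recipient.
    demo = {"key": "site-a", "recipient": "someone@elsewhere.example",
            "comment": "hello"}
    print(build_message(demo))
```
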