
RE: [cobalt-users] Fix for spammers and forms



Paul,

Here's a download link to the amended version of FormMail.pl, with the
added security precaution, to prevent hackers/spammers from using your copy
of the script.

http://www.perl-studio.com/cobalt/

Here's a download link to a perl script syntax checker that runs on RQ3s &
RQ4s, in case you make any changes to the script and can't get it to run again.

http://www.perl-studio.com/scripts/

-Sim


-----Original Message-----
From: Paul

Can you post a copy of the amended script so that people like me will not
screw up the script.

If not, would you send a copy to me direct?

Thanks




----- Original Message -----
From: "Sim Ayers" <sim@xxxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, July 20, 2001 12:16 AM
Subject: RE: [cobalt-users] Fix for spammers and forms


> Charlie,
>
> It's great being on the cobalt users list, it's like having an extra
> set of eyes and ears.
>
> Thanks for pointing out the exploit in Matt's FormMail.
> With Matt's FormMail being one of the most-used Perl scripts on the Web
> there are plenty of sites that could be potential victims to the email
> spammers.
>
> I believe the script was written in 1996 or 1995, before email
> spammers/hackers had DSL and could hit a couple thousand sites a day,
> looking for victims. (Seems like we're attacked at least once a week, by
> someone trying to take down or get into our server).
>
> As a security precaution I've added the following 7 lines of code to all
> our scripts to cut down on the potential security holes.
>
> my $host = "http://$ENV{'HTTP_HOST'}";
> my $referer = $ENV{'HTTP_REFERER'};
> if($referer !~ /^$host/i or $ENV{'REQUEST_METHOD'} !~ /POST/){
>    print "Content-type: text/html\n\n" unless $content_type_printed++;
>    print "<p>Access denied for $referer. This form can only be submitted on $host";
>    exit;
> }
>
>
> A lot of scripts use similar code, but the real security buster here is:
> /^$host/
>
> The referring page must be listed first..^
>
> This prevents hackers from using:
>
> http://hacker.com/www.victim.com/cgi-bin/got_you.cgi
>
> The referring page must be from:
>
> http://www.victim.com
>
> This also stops form submissions or attacks using the GET method.
> The script must use the POST method, or $ENV{'HTTP_REFERER'} will be
> empty and access will still be denied.
>
>
> Hope this helps at least one person from being hacked/attacked.
>
> -Sim
>
> (-victim:  a live site being sacrificed to a hacker/spammer in the
> performance of spamming)
>
>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Charlie H.
> Sent: Thursday, July 19, 2001 11:05 AM
> To: Cobalt-Users
> Subject: [cobalt-users] Fix for spammers and forms
>
>
> I just wanted to let everyone know, that if they are running Matt's
> FormMail script, that it is very easy for someone to use it for a spamming
> campaign. We had this happen to a number of sites we host. The referrer
> check is very easily bypassed, and I came across a patched version that
> appears to have stopped this activity for now.
>
> You can read about this hack and find the url for the fix at the bottom of
> this page http://oliver.efri.hr/~crv/security/bugs/Others/fmail2.html .
>
> Best Wishes,
> Charlie
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
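The anchored referer check from Sim's quoted message, written out as a stand-alone Perl script so the cases discussed in the thread can be tried offline. This is an added example, not code from the thread, from FormMail or from perl-studio.com. The function name referer_ok and the sample Referer values are constructed for this example; it assumes $host is the bare host name (as in HTTP_HOST) rather than the "http://..." string the quoted snippet builds. It goes a little beyond the quoted code in two places: \Q...\E stops the dots in the host name from acting as regex wildcards, and the trailing (?:/|\z) rejects a Referer whose host merely starts with ours.

```perl
#!/usr/bin/perl
# Added example: an anchored Referer/method check for a form-handling CGI.
# Not the FormMail code; referer_ok and the sample requests are constructed.
use strict;
use warnings;

# Return 1 if the submission may proceed, 0 otherwise.
#   $host    - our own host name, e.g. $ENV{'HTTP_HOST'}
#   $referer - the Referer header, e.g. $ENV{'HTTP_REFERER'}
#   $method  - the request method, e.g. $ENV{'REQUEST_METHOD'}
sub referer_ok {
    my ($host, $referer, $method) = @_;
    return 0 unless defined $host && defined $referer && defined $method;
    return 0 unless $method eq 'POST';          # GET (and anything else) is refused
    # ^ forces our host to sit at the very start of the Referer, so
    # "http://hacker.com/www.victim.com/..." fails.  \Q...\E makes "." literal,
    # and (?:/|\z) requires the host to end there, so "www.victim.com.hacker.com"
    # fails too.
    return $referer =~ m{^https?://\Q$host\E(?:/|\z)}i ? 1 : 0;
}

# In a CGI script the call would look like this (assumed usage, not FormMail's):
#   unless (referer_ok($ENV{'HTTP_HOST'}, $ENV{'HTTP_REFERER'}, $ENV{'REQUEST_METHOD'})) {
#       print "Content-type: text/html\n\n<p>Access denied.\n";
#       exit;
#   }

# Constructed sample requests (not real traffic) covering the cases from the
# thread plus the two edge cases handled above.
my $host  = 'www.victim.com';
my @cases = (
    # [ Referer header,                                        method, expected ]
    [ 'http://www.victim.com/contact.html',                    'POST', 1 ],  # normal submission
    [ 'http://WWW.VICTIM.COM/contact.html',                    'POST', 1 ],  # host names are case-insensitive
    [ 'http://hacker.com/www.victim.com/cgi-bin/got_you.cgi',  'POST', 0 ],  # our host buried in the path
    [ 'http://www.victim.com.hacker.com/',                     'POST', 0 ],  # our host used as a prefix
    [ 'http://wwwxvictim.com/',                                'POST', 0 ],  # "." is no longer a wildcard
    [ 'http://www.victim.com/contact.html',                    'GET',  0 ],  # GET is refused outright
    [ undef,                                                   'POST', 0 ],  # no Referer sent at all
);

my $failures = 0;
for my $case (@cases) {
    my ($referer, $method, $want) = @$case;
    my $got = referer_ok($host, $referer, $method);
    $failures++ if $got != $want;
    printf "%-4s %-4s %s\n", ($got == $want ? 'ok' : 'FAIL'), $method,
        (defined $referer ? $referer : '(no Referer)');
}
exit($failures ? 1 : 0);
```

Two caveats worth keeping in mind when relying on this check: the Referer header is supplied by the client, so a script written to abuse the form can send whatever value it likes, and some browsers and privacy proxies strip it, which turns legitimate visitors away with the "Access denied" page. It raises the bar for mass scanning of the kind Charlie describes, but the recipient addresses the script is willing to mail to still need to be restricted on the server side.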