RE: [cobalt-users] Fix for spammers and forms
- Subject: RE: [cobalt-users] Fix for spammers and forms
- From: Ken Marcus - Precision Web Hosting <ken@xxxxxxxxxxxxxxxx>
- Date: Fri Jul 20 14:20:55 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
>>
I believe the script was written in 1996 or 1995, before email
spammers/hackers had DSL and could hit a couple thousand sites a day,
looking for victims.
(Seems like we're attacked at least once a week, by someone trying to
take down or get into our server).
<<
We had someone send out 27000 spam emails using a formmail script that
one of my customers had installed.
What I do is comment out the get method section in the script, as below.
# Determine the form's REQUEST_METHOD (GET or POST) and split the form   #
# fields up into their name-value pairs.  If the REQUEST_METHOD was      #
# not GET or POST, send an error.                                        #
#if ($ENV{'REQUEST_METHOD'} eq 'GET') {
# # Split the name-value pairs
# @pairs = split(/&/, $ENV{'QUERY_STRING'});
#}
Then I also change the following lines by adding the
or ($Config{'recipient'} !~/mycustomersdomain.com/)
so that the recipient has to be something @mycustomersdomain.com
if ((!$Config{'recipient'}) or ($Config{'recipient'} !~/mycustomersdomain.com/))
{
    if (!defined(%Form)) { &error('bad_referer') }
    else { &error('no_recipient') }
}
---------
Ken Marcus
mailto:ken@xxxxxxxxxxxxxxxx
http://precisionweb.net
Precision Web Hosting
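
A stricter form of the recipient check above, as an added example that is not part of the original message or of the FormMail script: the pattern as posted matches the domain anywhere in the value, so this version anchors the match to exactly one address. The function name `recipient_allowed` and the `@ALLOWED_DOMAINS` list are hypothetical, and the sample values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical allow-list: the only domains this form may send mail to.
my @ALLOWED_DOMAINS = ('mycustomersdomain.com');

# Return 1 only if $recipient is a single address whose domain is exactly
# one of @ALLOWED_DOMAINS; return 0 for anything else.
sub recipient_allowed {
    my ($recipient) = @_;
    return 0 unless defined $recipient && length $recipient;

    # \A ... \z anchor the whole value (\z, unlike $, does not tolerate a
    # trailing newline). The character classes exclude commas, whitespace
    # and CR/LF, so address lists and injected header lines never match.
    my ($domain) = $recipient =~ /\A[A-Za-z0-9._+-]+\@([A-Za-z0-9.-]+)\z/
        or return 0;

    # Compare the whole domain, case-insensitively, against the allow-list.
    $domain = lc $domain;
    for my $ok (@ALLOWED_DOMAINS) {
        return 1 if $domain eq lc $ok;
    }
    return 0;
}

# Constructed sample values. Only the first should be accepted; the others
# contain the allowed domain as a substring but are not a single address
# at that domain.
my @samples = (
    'sales@mycustomersdomain.com',
    'a@elsewhere.example,b@mycustomersdomain.com',
    'a@mycustomersdomain.com.elsewhere.example',
    'a@notmycustomersdomain.com',
    "sales\@mycustomersdomain.com\nBcc: a\@elsewhere.example",
);

for my $r (@samples) {
    (my $shown = $r) =~ s/\n/\\n/g;    # make embedded newlines visible
    printf "%-58s %s\n", $shown, recipient_allowed($r) ? 'accept' : 'reject';
}
```

In the script, the call would replace the `!~` test, for example `unless (recipient_allowed($Config{'recipient'})) { &error('no_recipient') }`.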