RE: [cobalt-users] New FormMail script
- Subject: RE: [cobalt-users] New FormMail script
- From: Bob G7 <Bob_G7@xxxxxxxxxx>
- Date: Fri Apr 26 13:23:53 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Jeff Lasman
> Sent: Friday, April 26, 2002 1:48 PM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: Re: [cobalt-users] New FormMail script
>
>
> "Anthony C. Herman" wrote:
>
> > My advice, change your scripts to NMS before this happens to you. Matt's
> > scripts are not kept up to date very well and these are a bunch of real
> > programmers trying to help:
>
<snip>
> The problem is they're not MY scripts; they're my clients' scripts. And
> clients will continue to use whatever they want. Yes, you can shut them
> down, but then you might just lose their business to a provider who does
> allow them.
<snip>
I have been reading a lot about the formmail problem and there is no real
way to prevent a customer from using it or a hacker from finding a way to
get around it. What I have done, and have anyone who wants to use formmail do,
is 1 simple thing: rename the program from formmail.pl to somethingelse.pl
(somethingelse = any word/number combination).
One of the ways these people are able to exploit the formmail on a website
is to run scripts that look through all your web pages for the word
formmail. The script then makes a log and when the exploiter is ready,
simply looks at the log, grabs the code from your page and they're off and
running. By changing the name of formmail to something else, their little
scripts will pass right by it and go away.
If you're already running formmail, remember to change the code in the web
pages to reflect what you renamed it to. I have been doing this ever since
one of my sites got nailed about a year ago, and have over 30 web sites using
formmail, and haven't been hit since.
I hope this helps in some way.
Bob G.
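The step Bob describes last, updating every client page so its form posts to the renamed script, is the part that tends to get missed on a shared host with dozens of sites. The following is an added example (my own code, not from this thread or from Cobalt) that audits local HTML files for `<form>` actions still pointing at formmail.pl and rewrites them to the new name. The script name `somethingelse.pl`, the sample HTML and the document-root path are assumptions you replace with your own. Note that a rename only hides the script from the string-matching scanners the post mentions; it does not change what the script itself will do with an arbitrary `recipient`, which is what the switch to NMS FormMail suggested earlier in the thread addresses.

```python
"""Audit local HTML files for forms that post to formmail.pl and rewrite
the form action to the renamed script.  Added example for the cobalt-users
thread; the new script name and the sample page below are constructed."""
import os
import re
from html.parser import HTMLParser

OLD_NAME = "formmail.pl"       # the name the post says to retire
NEW_NAME = "somethingelse.pl"  # placeholder from the post; choose your own


class FormActionCollector(HTMLParser):
    """Collect the action attribute of every <form> tag in a document."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "form":
            for name, value in attrs:
                if name.lower() == "action" and value:
                    self.actions.append(value)


def script_basename(action):
    """Return the script file name from a form action, ignoring any query
    string or fragment: '/cgi-bin/FormMail.pl?x=1' -> 'FormMail.pl'."""
    path = action.split("#", 1)[0].split("?", 1)[0]
    return path.rstrip("/").rsplit("/", 1)[-1]


def find_formmail_actions(html, old_name=OLD_NAME):
    """Return the form actions in `html` whose script name is `old_name`.
    The comparison is case-insensitive so FormMail.pl and formmail.pl both
    count; 'notformmail.pl' does not, because only the basename is compared."""
    parser = FormActionCollector()
    parser.feed(html)
    return [a for a in parser.actions
            if script_basename(a).lower() == old_name.lower()]


# Matches the old script name only when it is the final path component of a
# <form action=...> value, quoted or unquoted, leaving other text untouched.
ACTION_RE_TEMPLATE = r'''(<form\b[^>]*?\baction\s*=\s*["']?(?:[^"'>\s]*/)?){old}(?=["'?#>\s])'''


def rewrite_actions(html, old_name=OLD_NAME, new_name=NEW_NAME):
    """Replace `old_name` with `new_name` inside form action attributes only."""
    pattern = re.compile(ACTION_RE_TEMPLATE.format(old=re.escape(old_name)),
                         re.IGNORECASE)
    return pattern.sub(lambda m: m.group(1) + new_name, html)


def audit_tree(root, old_name=OLD_NAME):
    """Walk a document root (assumed path, e.g. a site's web directory) and
    map each HTML file to the formmail actions it still contains."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith((".html", ".htm", ".shtml")):
                path = os.path.join(dirpath, fn)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = find_formmail_actions(fh.read(), old_name)
                if found:
                    hits[path] = found
    return hits


# Constructed sample page: two forms that post to the old name (one with
# mixed case and a query string, one unquoted) and one unrelated script.
SAMPLE_HTML = (
    '<html><body>'
    '<form method="post" action="/cgi-bin/FormMail.pl?x=1">'
    '<input type="hidden" name="recipient" value="me@example.com"></form>'
    '<form action="/cgi-bin/notformmail.pl"></form>'
    '<form action=formmail.pl></form>'
    '</body></html>'
)

if __name__ == "__main__":
    for action in find_formmail_actions(SAMPLE_HTML):
        print("still posts to old script:", action)
    print(rewrite_actions(SAMPLE_HTML))
```

Run `audit_tree()` over each site's document root to get a list of pages to fix before you rename the script, then apply `rewrite_actions()` to those files (write the result back only after reviewing the diff).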