[cobalt-users] [OT] [RAQ4] Formmail 1.9

[Sean Chester <sean.chester@xxxxxxxxxxxxxx>]

www.mountainsoftware.co.uk 64.48.129.5 - - [25/Jun/2002:11:52:38 
+0100] "GET 
/cgi-bin/formmail.pl?recipient=bemark3@xxxxxxx,djs146@xxxxxxx,girlrok@
aol.com,bookish2@xxxxxxx,eborges105@xxxxxxx,tater109@xxxxxxx,pajero200
0@xxxxxxx,newacct196980@xxxxxxx,promise798@xxxxxxx&subject=Affirm:%20B
est%20Time%20to%20Refinance%20or%20Obtain%20Mortgage&email=hannahmryba
k@xxxxxxx&=Looking%20at%20a%20refinance,%20debt%20consolidation%20or%2
0second%20mortgage?%20%20One%20simple%20form%20will%20make%20the%20mor
tgage%20companies%20compete%20for%20your%20business!%20%20Take%20charg
e%20of%20your%20mortgage%20search%20and%20go%20to%20<A%20HREF%3D"aol:/
2000:http://www.sherryhulber@xxxxxxxxxxxxxx/mort.html";>TAKE%20CONTROL%
20MORTGAGE</A>%20right%20now!<BR><BR><BR><BR><BR>To%20be%20removed%20f
rom%20future%20mailings,%20please%20go%20to%20<A%20HREF%3D"aol:/2000:h
ttp://www.sherryhulber@xxxxxxxxxxxxxx/remove.html">REMOVE%20ME</A><BR>
<BR><BR><BR><BR><BR><BR>3k388w7rd<BR>3k388w7rd<BR>3k388w7rd<BR>3k388w7
rd<BR>3k388w7rd<BR>3k388w7rd<BR></FONT></HTML><BR>will%20make%20the%20
mortgage%20companies%20compete%20for%20your%20business!%20%20Take%20ch
arge%20of%20your%20mortgage%20search%20and%20go%20to%20<A%20HREF%3D"ao
l:/2000:http:/ HTTP/1.1" 200 2489 "-" "Microsoft URL Control - 
6.00.8862"


as you can see it looks like im the victim of the formmail exploit
(i did upgrade them to FormMail 1.9)

i have now renamed all the formmail.pl files to .dnu and chmod them
to 666.

www.mountainsoftware.co.uk/cgi-bin/formmail.pl is no longer there..

Im *still* seeing the spammer.. does anyone have any suggestions on
how to close this hole?



-- 
Sean Chester, sean.chester@xxxxxxxxxxxxxx on 25/06/2002