
Re: [cobalt-users] [OT] [RAQ4] Formmail 1.9



INRE [cobalt-users] [OT] [RAQ4] Formmail 1.9:
> www.mountainsoftware.co.uk/cgi-bin/formmail.pl is no longer there..
>
> I'm *still* seeing the spammer.. does anyone have any suggestions on
> how to close this hole?

While probably _not_ the perfect answer for everyone, my action has been to 
create a "different" formmail.pl that (1) has the recipient changed to 
something else (mail_to, my_addy or something off-wall); (2) hard-coded this 
new "recipient" into each version/copy of the script that I need so that the 
program will "only" send to that address; (3) test the incoming original 
"recipient" form value to see if it matches what I know is in the form, and 
if _not_ send me (admin) a mail message with the IP address and copy of what 
was submitted; [ and (4) here locally add _that_ IP to my deny tables ].

It means you end up having a "formmail" for each local "form" (unique 
recipient), but does mean that you are pretty darn secure from violations of 
your forms.


-- 
Larry Smith
SysAd ECSIS.NET
sysad@xxxxxxxxx
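
An added sketch of the per-form approach described in the message above; it is not code from the original post or from any FormMail release. The addresses, the expected field value and the `build_message` helper are assumptions for illustration, and the sketch builds the message but leaves delivery and the deny-table step out.

```perl
#!/usr/bin/perl
# Added example: per-form mailer with a hard-coded destination.
use strict;
use warnings;

# Assumed values for this sketch; one copy of the script per form.
my $MAIL_TO        = 'sales@example.com';  # the only address this copy sends to
my $ADMIN          = 'admin@example.com';  # receives mismatch alerts
my $EXPECTED_FIELD = 'sales-form';         # value the real form puts in "recipient"

# Decide what to send. Returns a hashref: { to, subject, body, violation }.
sub build_message {
    my ($form, $remote_addr) = @_;
    my $submitted = $form->{recipient} // '';

    # Copy of the submission, one field per line, for the mail body.
    my $dump = join '', map {
        my $v = $form->{$_} // '';
        "$_: $v\n";
    } sort keys %$form;

    if ($submitted ne $EXPECTED_FIELD) {
        # Step (3): the field differs from what the real form contains,
        # so mail the admin the client IP and a copy of what was sent.
        return {
            to        => $ADMIN,
            subject   => 'formmail recipient mismatch',
            body      => "Remote IP: $remote_addr\n\n$dump",
            violation => 1,
        };
    }

    # Steps (1)-(2): the destination comes from the script, never the request.
    # The subject is fixed too, so no submitted value reaches a mail header.
    return { to => $MAIL_TO, subject => 'Form submission',
             body => $dump, violation => 0 };
}

# Constructed sample requests: a genuine post and a forged one.
my @samples = (
    [ { recipient => 'sales-form', name => 'A. Customer', message => 'Hello' },
      '192.0.2.10' ],
    [ { recipient => 'someone@example.org', message => 'unsolicited text' },
      '203.0.113.5' ],
);
for my $s (@samples) {
    my $m = build_message(@$s);
    printf "to=%s violation=%d\n", $m->{to}, $m->{violation};
}
```

In a CGI deployment the second argument would come from `$ENV{REMOTE_ADDR}`, and the returned message would be handed to the local mailer.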