[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Internal Server Error with formmail.pl
- Subject: RE: [cobalt-users] Internal Server Error with formmail.pl
- From: "Jolley, Carl" <Carl.Jolley@xxxxxxx>
- Date: Thu Jul 11 19:49:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
----Original Message-----
From: Dan Kriwitsky
Sent: Thursday, July 11, 2002 10:30 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] Internal Server Error with formmail.pl
> I have installed formmail.pl on my system, but whenever I run
> it, I get an internal server error. I've chown'd the file to
> admin I've chmod'd the file to 755 I've enabled Server Side
> Scripting and CGI on the Site Admin
<lots of stuff snipped>
Why did you chown the file? If it's in joeuser directory and joeuser
uploads it, it will be properly owned.
BTW, don't name it formmail.pl if you don't want lots of wasted
resources by spammers trying to abuse your script. Call it something
unusual.
-----------------------------
If you go to the trouble of renameing it, (as opposed to fixing it) you
should probably go an extra step and make sure people can't get a directory
listing of your cgi-bin directory by browsing
http://www.yourdomain.com/cgi-bin
Otherwise an unusal name doesn't accomplish much. Fixes that I've done to
a version of formmail that I',m using include not permitting REQUEST_METHOD:
GET,
prohibiting the charactes "\n:%" from occuring in email, recipient or
realname
and only allowing permitted domains in the recipient. I also log all
environmental
variables for each form submitted.