[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Dodgy formmail.pl?

Subject: Re: [cobalt-users] Dodgy formmail.pl?
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Wed Jan 8 13:30:09 2003
Organization: nobaloney.net
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Joe Quinn wrote:

> Just having a look around the various sites on the server after seeing a
> posting about formmail and found this one that looks a bit dodgy as there
> isn't a referrer field. Could anyone please comment, should I disable this?
> What about chmod 777 to one of the files?

There's a safe copy of FormMail.pl available via anonymous ftp at
ftp.nobaloney.net.  It's never been breached though many try every day. 
It reports tries so you can block the bad guys if you want.

It even manages to block trials designed to fool it, for example:

To: you@xxxxxxxxxxxxxx <badguy@xxxxxxxxxxxxxxxxxx>

Gets blocked.

There are some "fixes" out there that will let the above through, but
this one won't.

It does require that the webmasters make a small change to their html.

It works well.

Jeff
-- 
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA  92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html";

References:
- [cobalt-users] [raq4] how to remoge all formmail.pl from a server
  - From: Bob Lenaerts
- Re: [cobalt-users] [raq4] how to remoge all formmail.pl from a server
  - From: Andy Brown
- [cobalt-users] Dodgy formmail.pl?
  - From: Joe Quinn

Prev by Date: Re: [cobalt-users] [RaQ4r] Maximal temperature?
Next by Date: [cobalt-users] Sun Fire V100/V120
Previous by thread: RE: [cobalt-users] Dodgy formmail.pl?
Next by thread: [cobalt-users] replacel formmail.pl from a server

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index