Home > Archive > PERL Programming > April 2004 > spam-free formmail script
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
spam-free formmail script
|
|
| Marceia 2004-04-25, 10:30 am |
| Is there a place to find a formmail.pl script that also keeps recipients in
a formmail.conf file? Most hosts have it, but I'd like to get a copy so I
can add a few lines of script for my site (need it to write to a csv
database, something my current host's script won't do)
Any suggestions would be great!
Thanks!
Marceia
| |
| Dave Cross 2004-04-27, 12:44 am |
| On Sun, 25 Apr 2004 09:42:28 -0400, Marceia wrote:
> Is there a place to find a formmail.pl script that also keeps recipients in
> a formmail.conf file? Most hosts have it, but I'd like to get a copy so I
> can add a few lines of script for my site (need it to write to a csv
> database, something my current host's script won't do)
Take a look at tfmail from http://nms-cgi.sourceforge.net/
Dave...
| |
| formmailsucks 2004-04-30, 5:42 pm |
| In article <o8Pic.88224$Lh2.62243@bignews1.bellsouth.net>, Marceia <spamegler@yahoo.com>
wrote:
> Is there a place to find a formmail.pl script that also keeps recipients
in
> a formmail.conf file? Most hosts have it, but I'd like to get a copy so
I
> can add a few lines of script for my site (need it to write to a csv
> database, something my current host's script won't do)
>
> Any suggestions would be great!
Yes don't use it at all.
3 lines of PHP can do what shitty formmail does and better and more safely.
Formmail is the spammers choice, formmail is so controversial that many hosts
ban it outright.
Clunky, outdated shit and if you have an old version it is full of holes and
exploits for hackers and spammers.
Formmail is an abomination. What was that idiot thinking off when he wrote
it ? was he on drugs ? was he mentally ill ? We just don't know.
XXXX of f formmail you suck. Totally pointless useless shit. go away formmail
3. Matt Wright Formmail attack
The Formmail package has become a favorite tool of spammers.
Formmail allows a website to email form submissions to an email account. If
left unpatched a malicious user can send spam simply by including the list
of target email addresses in an HTTP request to Formmail. This behavior makes
tracking down the origin of the spam difficult because the only place the spammers
IP address is saved is in the Web logs of the affected site.
FormMail is a widely-used web-based e-mail gateway, which allows form-based
input to be emailed to a specified user.
When the form is submitted, the commands will be executed on the host, with
the privileges of the webserver process. This might be leveraged by the attacker
to gain local access to the host.
http://www.securityfocus.com/corpor...s_q1_2002.shtml
http://www.net-security.org/article.php?id=503
|
|
|
|
|