Results 1 to 10 of 10
  1. #1
    Full Member garystarling's Avatar
    Join Date
    January 18th, 2005
    Posts
    277
    Advice please!

    On checking my log files I have found several entries where people have been testing to see if I have formmail in my cgi-bin (I don't).

    This is due to a well known weakness that can allow spammers to use your server to send out 100's of spams and viruses.

    The interesting thing is that the log entry shows their email addresses.

    e.g. /cgi-bin/formmail.pl?recipient=barssom51@aol.com&subject=http:/www.MYsite.com/cgi-bin/formmail.pl&email=lasdgr@acnet.net &=http:/www.Mysite.com/cgi-bin/formmail.pl

    Now what do I do with these hacker addresses?

    Options.

    1) Leave it alone it will only back fire
    2) Sign them up to a heavy bandwidth email site
    3) Report them to their ISP
    4) Something else

    Thoughts and ideas please. :confused:

  2. #2
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    ÄúsTrálíĺ
    Posts
    1,372
    If that is the email address of the spammer, then that would have to be the stupidest spammer on the planet.
    If they are that stupid, then they deserve everything coming to them.. report them everywhere.

    Even *I* could spam better than that.

    FWIW: I doubt if it is the email address.

  3. #3
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,279
    I have to agree that it's highly doubtful that you're getting the hacker's email -- they never put real email addresses in spam, so I doubt they would use it when exploiting formmail.

  4. #4
    ABW Veteran Student Heyder's Avatar
    Join Date
    January 18th, 2005
    Posts
    5,482
    I would definately report the activity but agree with the others, it's probably not the hackers email.

  5. #5
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,402
    I'm not sure that this is spam. There was a problem with formmail, and I have seen several programs that you can use that exploit formmail. It is basically a 'mailbomb' The program I saw had a place for an e-mail address, your fake address, and a short message. There was also a place to put in the url of an unsuspecting site that was running formmail (putting the url to the script in this spot). You can also choose the number of messages you want to send. Fill out the form, and blam...you have hundreds of e-mails going to one address from a fake one. The unsuspecting site will show like what you mentioned in the logs.


    Tom Pyles

  6. #6
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    So *that's* why I get so many "feedback form" spam mails these days!

  7. #7
    Full Member
    Join Date
    January 18th, 2005
    Posts
    256
    I am also getting those "Feedback Forum" spamwiches, but I do not use formmail on my site, so it must be coming from somewhere else.

  8. #8
    ABW Ambassador
    Join Date
    January 18th, 2005
    Posts
    2,402
    Moo and Bee,
    (This place is turning into a freakin' farm). Those are probably crawlers that picked it off of your site...if you use a cgi-script that has the e-mail address inside the form itself, they will get that.


    Tom Pyles

  9. #9
    Full Member garystarling's Avatar
    Join Date
    January 18th, 2005
    Posts
    277
    I think the addresses are real. The reason is they appear in the weblogs in a set format. Why test my server with fake addresses, what would that prove? How would they know it worked? If you look carefully - the recipient and subject headings are designed to inform someone where formmail is in my cgi-bin and that it is vunerable. I have about 10 addresses in this months logs.

    If TH is right then this could be also used for a denial of service attack

    [ 02-26-2002: Message edited by: GaryS ]

  10. #10
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Drop on by www.spamcop.net and signup. Run some of your daily spamm theu their service and you'll be amazed at the Fake domains e-mails and routes these take til the final culprets are uncovered. Spamming robots look through major hosting firms servers for temp attaching to unsuspecting domains sendmail program to blast out e-mails. Other sources like the bankrupt @Home network is a spam farmers dream for e-mail addresses. Real teeth and financial penalities to hosters and perputual abusers need to be enforced worldwide to remove spam.

  11. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Someone trying to find formmail.php on new site
    By websmith in forum Midnight Cafe'
    Replies: 7
    Last Post: August 18th, 2004, 03:33 AM
  2. FormMail Scripts
    By wendy in forum Spam
    Replies: 1
    Last Post: September 13th, 2002, 04:46 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •