

Insecure FormMail.pl, need a form script




Posted by tormeu, 01-01-2008, 12:29 PM
I'm using Matt Wright's FormMail.pl CGI script, but it is an insecure contact form: http://www.monkeys.com/formmailer/about.html Need to switch to a better solution, please, I need some advice...

Posted by bear, 01-01-2008, 12:35 PM
Here's a nice one: http://www.dagondesign.com/articles/...mailer-script/ Takes a little playing with to configure, but it's darn good.

Posted by tormeu, 01-01-2008, 12:42 PM
Thanks, looking into it right now... I notice a lot of features...

Posted by foobic, 01-01-2008, 05:22 PM
If you'd prefer a direct replacement for Matt's formmail, the nms version is secure and well-written.

Posted by Steve_Arm, 01-01-2008, 06:57 PM
I have heard many times about the exploits on this form. Shouldn't that guy call it quits with MailForm? Anyway.

Posted by foobic, 01-01-2008, 07:15 PM
Matt did stop developing these scripts some years back, and now recommends the nms versions. I think the problem is that they were so popular in their day that there are still many old ones floating around...

Posted by tormeu, 01-01-2008, 08:00 PM
I'm using NMS FormMail Version 3.11c1 in all my forms... I received this notification early today, and I'm trying to figure out what kind of exploit it is. I checked the NMS form, which may be the cause. I still do not have a header of a spam email. As a first step I disabled the forms while gathering clues. Advice is always appreciated.

Posted by bear, 01-01-2008, 08:11 PM
It's impossible to tell if the spam originated from that form script without seeing the headers. More likely someone is faking the origin of the messages instead. I'd used the NMS version until fairly recently when a few sites were being spammed mercilessly by someone (or more than one) that had been submitting automatically to it. Sure, it wasn't sending out to anyone but the hard coded recipients....but they were getting harassed daily by it. Switched to PHP, and captcha, no more issue.

Posted by foobic, 01-01-2008, 08:14 PM
Spammers almost invariably spoof the sender - you need the messages before concluding anything. If they are coming from your formmail program, check the config - it should only send to addresses explicitly allowed there. Edit: Me too, but I added a captcha to nms formmail.

Posted by Froweey, 01-02-2008, 09:29 PM
Why not make your own? This is simple: make an HTML form with the get or post method, set it to sendmail.php (or whatever you name your PHP file), and then make a PHP page to validate the inputs and send the email. EZ PZ stuff. GG

Last edited by bear; 01-02-2008 at 09:37 PM.
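
As an added illustration (not code posted by anyone in the thread), a PHP handler that combines two points made above: mail goes only to recipients fixed in the script, and every field that reaches a mail header is validated. The file name follows the sendmail.php mentioned above; the field names, recipient keys, addresses and the body length cap are assumptions.

```php
<?php
// sendmail.php: added example, not code from the thread.
// Recipient keys and addresses are constructed placeholders.
const RECIPIENTS = [
    'sales'   => 'sales@example.com',
    'support' => 'support@example.com',
];

// Return a trimmed string field, or '' if missing or not a string.
function field(array $post, string $k): string
{
    $v = $post[$k] ?? '';
    return is_string($v) ? trim($v) : '';
}

// Return [to, subject, body, headers] for a valid submission, else null.
function build_message(array $post): ?array
{
    // The form submits a key, never an address, so only recipients listed here get mail.
    $key = field($post, 'to');
    if (!array_key_exists($key, RECIPIENTS)) {
        return null;
    }
    $name    = field($post, 'name');
    $email   = field($post, 'email');
    $subject = field($post, 'subject');
    $body    = field($post, 'message');

    // Values placed in mail headers must not contain CR or LF; a line break
    // there would let the submitter add header lines such as extra recipients.
    foreach ([$name, $email, $subject] as $v) {
        if ($v === '' || preg_match('/[\r\n]/', $v)) {
            return null;
        }
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL) || $body === '' || strlen($body) > 5000) {
        return null;
    }
    // From is a fixed site address; the visitor's address is used for Reply-To only.
    $headers = ['From' => 'webform@example.com', 'Reply-To' => $email];
    return [RECIPIENTS[$key], "[Web form] $subject", "Sender: $name <$email>\n\n$body", $headers];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $msg = build_message($_POST);
    if ($msg === null) { http_response_code(400); exit('Invalid submission'); }
    if (!mail(...$msg)) { http_response_code(500); exit('Mail could not be sent'); }
    echo 'Sent';
}
```

Passing headers as an array to mail() requires PHP 7.2 or later. These checks do not stop automated submissions to the fixed recipients, which is the problem the captcha mentioned in the thread addresses.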


