formmail 1.9 is vulnerable...we were just hit by it.....many messages went out before we causght it ......supposedly the version at http://www.monkeys.com/anti-spam/filtering/formmail.html takes care of the problem.......:-( Justin Shore wrote: > One of my servers had an old copy of formmail.cgi on it (1.6) a few weeks > ago which got that server listed in SpamCop. Every single malicious use > of that cgi came from pacbell.net DSL customers. Since upgrading to 1.9 > we haven't had any trouble, yet <knock on wood>. I would rather find a > PHP solution for form handling. > > Justin > > On 4/11/02 6:06 PM Andrew Daviel said... > > > > >I've seen an attempt to exploit FormMail.pl version 1.9 (the latest > >official version), viz. > > > >Tue Apr 9 15:40:50 2002 > >REMOTE_ADDR=172.190.98.15 > >REQUEST_METHOD=POST > >REMOTE_PORT=2768 > >HTTP_CACHE_CONTROL=no-cache > >REQUEST_URI=/cgi-bin/formmail.pl > >CONTENT_TYPE=application/x-www-form-urlencoded > >CONTENT_LENGTH=2153 > >Count 1 > >. > > > >We will show you how to not only make money online, > >.. > >subject academics NyZ0f > >recipient > ><a2888at_private>vancouver-webpages.com,<a28danat_private>vancouver-webpag > >es.com, > >etc. > > > >as per > >http://online.securityfocus.com/archive/1/252232 > > > >I have also seen an extensive credit card fraud spam campaign aimed at AOL > >users exploiting the earlier vulnerability in FormMail.pl version 1.6 > > > > > >Andrew Daviel, TRIUMF, Canada > >Tel. +1 (604) 222-7376 > >securityat_private > > > > > >---------------------------------------------------------------------------- > >This list is provided by the SecurityFocus ARIS analyzer service. > >For more information on this free incident handling, management > >and tracking system please see: http://aris.securityfocus.com > > -- > Justin Shore, ES-SS ES-SSR Pittsburg State University > Network & Systems Manager Kelce 157Q > Office of Information Systems Pittsburg, KS 66762 > Voice: (620) 235-4606 Fax: (620) 235-4545 > http://www.pittstate.edu/ois/ > > Warning: This message has been quadruple Rot13'ed for your protection. > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com -- Mike Maxwell System Manager--GMA mmaxwellat_private **************************************************** ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Apr 12 2002 - 13:18:04 PDT