RE: <victim>server formmail.pl exploit in the wild

From: Robert Zilbauer (zilbauerat_private)
Date: Fri Apr 12 2002 - 12:25:04 PDT

    Here's another option to the old, insecure Matt Wright scripts:
    
    http://nms-cgi.sourceforge.net/
    
    This group is making a series of drop-in replacements for all of Matt
    Wright's programs. FormMail is one of them.
    
    I hope this helps!
    
    
    -----Original Message-----
    From: Justin Shore [mailto:macdaddyat_private]
    Sent: Friday, April 12, 2002 8:35 AM
    To: Andrew Daviel; incidentsat_private
    Subject: Re: <victim>server formmail.pl exploit in the wild
    
    
    One of my servers had an old copy of formmail.cgi on it (1.6) a few weeks
    ago which got that server listed in SpamCop.  Every single malicious use
    of that cgi came from pacbell.net DSL customers.  Since upgrading to 1.9
    we haven't had any trouble, yet <knock on wood>.  I would rather find a
    PHP solution for form handling.
    
    Justin
    
    On 4/11/02 6:06 PM Andrew Daviel said...
    
    >
    >I've seen an attempt to exploit FormMail.pl version 1.9 (the latest
    >official version), viz.
    >
    >Tue Apr  9 15:40:50 2002
    >REMOTE_ADDR=172.190.98.15
    >REQUEST_METHOD=POST
    >REMOTE_PORT=2768
    >HTTP_CACHE_CONTROL=no-cache
    >REQUEST_URI=/cgi-bin/formmail.pl
    >CONTENT_TYPE=application/x-www-form-urlencoded
    >CONTENT_LENGTH=2153
    >Count 1
    >.
    >
    >We will show you how to not only make money online,
    >..
    >subject academics                         NyZ0f
    >recipient
    ><a2888at_private>vancouver-webpages.com,<a28danat_private>vancouver-webpages.com,
    >etc.
    >
    >as per
    >http://online.securityfocus.com/archive/1/252232
    >
    >I have also seen an extensive credit card fraud spam campaign aimed at AOL
    >users exploiting the earlier vulnerability in FormMail.pl version 1.6
    >
    >
    >Andrew Daviel, TRIUMF, Canada
    >Tel. +1 (604) 222-7376
    >securityat_private
    >
    >
    >----------------------------------------------------------------------------
    >This list is provided by the SecurityFocus ARIS analyzer service.
    >For more information on this free incident handling, management
    >and tracking system please see: http://aris.securityfocus.com
    
    
    
    --
    Justin Shore, ES-SS ES-SSR      Pittsburg State University
    Network & Systems Manager       Kelce 157Q
    Office of Information Systems   Pittsburg, KS 66762
    Voice: (620) 235-4606           Fax: (620) 235-4545
    http://www.pittstate.edu/ois/
    
    Warning:  This message has been quadruple Rot13'ed for your protection.
    
    



    This archive was generated by hypermail 2b30 : Fri Apr 12 2002 - 13:25:33 PDT
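
Added example (not from the thread, FormMail, or the nms project): a strict check of a form handler's `recipient` field that refuses values shaped like the one in the quoted log, where several entries each consist of an angle-bracketed address followed by the site's own domain. The site domain, allowlist, function names and sample POST bodies are assumptions constructed for illustration, and `loose_suffix_check` is a hypothetical weak check shown only for contrast.

```python
import re
from urllib.parse import parse_qs

# Assumptions for this sketch: the site's domain and the mailboxes its forms may use.
SITE_DOMAIN = "site.example"
ALLOWED_RECIPIENTS = {"webmaster@site.example", "sales@site.example"}
MAX_RECIPIENTS = 2
# Deliberately narrow: one local part, one "@", one domain, nothing around them.
STRICT_ADDR = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\Z")

# Constructed sample POST bodies (URL-encoded); not taken from the thread.
LEGIT_POST = "recipient=webmaster%40site.example&subject=hello"
RELAY_POST = ("recipient=%3Ca1%40other.example%3Esite.example%2C"
              "%3Ca2%40other.example%3Esite.example%2C"
              "%3Ca3%40other.example%3Esite.example&subject=academics")


def recipient_entries(post_body):
    """Split the single recipient field into its comma-separated entries."""
    values = parse_qs(post_body, keep_blank_values=True).get("recipient", [])
    if len(values) != 1:
        return None  # missing or repeated field
    return [e.strip() for e in values[0].split(",") if e.strip()]


def loose_suffix_check(post_body):
    """Hypothetical weak check for contrast: only looks at how each entry ends."""
    entries = recipient_entries(post_body)
    return bool(entries) and all(e.lower().endswith(SITE_DOMAIN) for e in entries)


def check_recipient_field(post_body):
    """Return the reasons to refuse the POST; an empty list means accept."""
    entries = recipient_entries(post_body)
    if entries is None:
        return ["recipient field missing or repeated"]
    reasons = [] if entries else ["recipient is empty"]
    if len(entries) > MAX_RECIPIENTS:
        reasons.append(f"{len(entries)} recipients exceeds limit {MAX_RECIPIENTS}")
    for entry in entries:
        if not STRICT_ADDR.match(entry):
            reasons.append(f"not a plain address: {entry!r}")
        elif entry.lower() not in ALLOWED_RECIPIENTS:
            reasons.append(f"not an allowed recipient: {entry!r}")
    return reasons


if __name__ == "__main__":
    for name, body in (("legit", LEGIT_POST), ("relay", RELAY_POST)):
        print(name, loose_suffix_check(body), check_recipient_field(body))
```

The same reasons list can be written to the web server's log so that refused POSTs to the form handler are visible during incident review.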