Naiomi1917 Posted May 29, 2003 Posted May 29, 2003 (edited) I sent this email to support@totalchoice.com and would like some of the readers here to check it out: [start forwarded email] Hi. Recently I heard about the security problems in some aspects of formmail.pl on the web -- and that it had already been corrected. When checking "recent visitors" I discovered that there had been a few checks on my /cgi-bin/formmail.pl from this address: 200.58.161.146 Through the use of this site http://www.serve.com/apg/spammers.html I discovered they were formmail spammers. How can I know if they did anything with my site, before or even after the security fix last weekend? This has happened 5 times for this month, as I check the records. Does that mean someone was abusing my scripts? Also, in my formmail.pl file I noticed the following line: @referers = ('domain.com','66.246.87.127'); The 66.246.87.127 refers to a Total Choice Hosting page, so what does that mean for my formmail? I'm not an expert on the use of CGI, but can I just take TCH out of the loop? Thanks! Dave [end of my email] Remember the email that went out from Total Choice about formmail.pl abuses? It was emailed on 5/18 and an email went out to say it was fixed on 5/19. As soon as I got TC's warning email on the 18th, I called up the 24 hour tech support emergency hotline, since formmail is important to my web site. No one was there and I left a phone message, and no one called me since. I tried to use the Online Chat feature from http://www.totalchoicehosting.com/web_host...ng_support.html but it said there was an error on the page, so the live chat wasn't (and still isn't) an option. Then I sent the email above (almost a week ago) and still have not received a response. I'm not sure what's happening since TC's support has been fantastic until now. When I check Cpanel, every other day it seems like there's another attempt from one of those formmail abuser's IP addresses trying to check out my cgi-bin/formmail.pl and it bothers me. Is there something I have to worry about? How can I find out if the formmail abusers have done anything to my site? Please help! Dave Edited February 24, 2005 by Naiomi1917 Quote
surefire Posted May 29, 2003 Posted May 29, 2003 I can't address every question in your post but I will give you my two cents about a few items. Now that the security patch is in place, it should only be possible for forms to be processed if the forms reside on your site. So even if a spammer found the location of your FormMail script, it probably wouldn't do them any good. They'd have to fake the IP, and I doubt that's possible. My point is that just because someone accesses a script doesn't mean that it's actually working for them. That's what the security patch is supposed to fix. I wouldn't recommend changing the code. You were wise to report the issue and hopefully you will receive a response soon. Quote
Head Guru Posted May 29, 2003 Posted May 29, 2003 I personally repsonded to your email about the formail issues. We do not return phone calls for non-emergency support issues. So if you left a message at the NOC and it was not emergency based you will not get a response. Formail has once again just been disabled on all the servers. We are sending a email out to all our users about this as I type this. Live chat is available in 4 different flavors. AOL IM, Yahoo IM, MSN IM and the Live Operator Chat. The IM's are staffed 24/7 in most cases. Also, the best way to get support is not to email, it is to submit a help desk ticket. This is defined here - http://www.totalchoicehosting.com/forums/i...=ST&f=17&t=1288 I am at the point of removing the formail scripts on a permanent basis. I will make an announcement soon on this. Please make sure to submit a help desk ticket to get support. Thank You! Quote
SEO Posted May 29, 2003 Posted May 29, 2003 I strongly recommend to reference surefire's original thread regarding an alternative mail script (PHP). This was a huge help for many and he has been very good at helping those implement it. The original thread is here Quote
surefire Posted May 29, 2003 Posted May 29, 2003 Thanks, man... Feelin' loved. On a serious note... There are plenty of FormMail scripts, one of which I mentioned in the thread above. With the current FormMail issues, you might want to check it out. Quote
Naiomi1917 Posted May 30, 2003 Author Posted May 30, 2003 (edited) Everything's been taken care of now (very quickly too, thanks!) and I'll be exploring those links/threads. Thanks everyone! Dave Edited February 24, 2005 by Naiomi1917 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.