Drogyn Posted February 10, 2006

I am looking for a Perl script called mailform.pl which is used to convert input from an HTML form to an email which is sent to the address specified in the HTML script. Does anyone know where I can get it? So far I have found links to pages about it, but not the file itself.... Also, where would I need to install it when I DO get it?
TCH-Rob Posted February 10, 2006

In just taking a brief look on the web I found several scripts called mailform. Some only ran on Windows servers. Some were out of date and possibly not secure, and some were not freeware. I can't say for sure which one you want. You may want to look for Ultimate Form Mail as it will do the same thing and is more secure than many scripts you will find. I did find some security flaws in the older versions of mailform that I found. Keep that in mind when looking.
Drogyn Posted February 10, 2006

The information I am sending over it is not exactly highly classified... I just need people to enter comments and such on the webpage, hit send and have it arrive in a specified inbox... Looking at what you suggested, but I don't exactly know PHP so...
TCH-Bruce Posted February 10, 2006

The problem with insecure scripts is they can be used by spammers to send their own messages. If that happens on your account it WILL be suspended. So Rob's suggestion of finding a secure script to use is of paramount importance.
TCH-Rob Posted February 10, 2006

I didn't mean secure as in keeping your data safe, I was more speaking on abusing the script to take advantage of the server of your account. All of which can lead to your account being suspended. Just be careful of what you install on your account. And.... Bruce beat me to it.
stevevan Posted February 10, 2006

The suggested application is as easy or extensive as you want to make it. The key in all of this...no matter what you use, you need to make sure that it is extremely difficult for hackers to use the email script to send spam.
Drogyn Posted February 10, 2006

OK, sorry, I didn't understand what you meant when you said that before. I have downloaded the program, and am currently reading how to install it.
Drogyn Posted February 10, 2006

DO have one odd question.... How could my account here be blamed for the spam when I was never given an SMTP outgoing email server? Which would mean the spam would have to be generated and sent out from another server I specified, wouldn't it? Not that I am gonna do that, you understand... Just not really understanding how a script that would have to run from another outgoing mail server could affect my site...
surefire Posted February 10, 2006 (Edited February 10, 2006 by surefire)

Black Hat (BH) finds your form, and discovers an easy vulnerability (that's the scenario). They automatically post 10,000 names to your form processor. Under normal conditions your form processor is designed to take information posted to it and safely email it to you (or your client). But BH knows how to convince your web script to put those 10,000 names into the BCC of the email that goes out to you. 10,000 people get an email about member elongation, with your return email address. 200 of the 10,000 report you to SpamCop or their ISP. Your server's IP address is banned by AOL, Hotmail, Yahoo, and Earthlink. Your website is terminated for violation of the AUP at TCH. (Just one scenario)

Or... you have a script that determines the recipient at runtime when it receives the 'recipient' variable from a hidden tag in your form... very insecure. BH puts the 10,000 names into the 'recipient' array of data that is posted to your website. Same end result.
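A sketch of a form handler that closes both holes described in the post above (extra recipients smuggled into the headers, and a form-supplied 'recipient' field). This is an added example, not part of the original thread and not code from mailform.pl or Ultimate Form Mail; it is written in Python for illustration, and the addresses and the field names email, subject and comments are assumptions.

```python
import re
from email.message import EmailMessage

RECIPIENT = "owner@example.com"   # assumption: fixed in server-side code, never read from the form
SENDER = "webform@example.com"    # assumption: an address the site itself owns
CTRL = re.compile(r"[\x00-\x1f\x7f]")                             # CR, LF, other control chars
ONE_ADDR = re.compile(r"^[^@\s,;<>]+@[^@\s,;<>]+\.[^@\s,;<>]+$")  # no list separators allowed

class RejectedSubmission(ValueError):
    """A form field is not safe to place in a mail header."""

def header_value(name, value, limit=200):
    """Return value if it fits on one header line, otherwise raise."""
    if not isinstance(value, str):    # a repeated field arrives as a list (array) of values
        raise RejectedSubmission(f"{name}: expected a single value")
    if len(value) > limit or CTRL.search(value):
        raise RejectedSubmission(f"{name}: too long or contains control characters")
    return value.strip()

def build_message(form):
    """Turn parsed form fields (a dict) into a message for the fixed recipient."""
    visitor = header_value("email", form.get("email", ""))
    if not ONE_ADDR.match(visitor):
        raise RejectedSubmission("email: not a single address")
    subject = header_value("subject", form.get("subject", "Website comment"))
    comments = form.get("comments", "")
    if not isinstance(comments, str):
        raise RejectedSubmission("comments: expected a single value")
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = RECIPIENT             # a 'recipient' field in the form is never consulted
    msg["Reply-To"] = visitor
    msg["Subject"] = subject
    msg.set_content(comments[:5000])  # free text goes in the body only, capped in size
    return msg

if __name__ == "__main__":
    # Constructed submissions: one ordinary, one carrying a line break in a header field.
    samples = [
        {"email": "visitor@example.com", "comments": "Nice site", "recipient": "x@example.net"},
        {"email": "visitor@example.com\r\nBcc: list@example.net", "comments": "hi"},
    ]
    for form in samples:
        try:
            print("accepted, To:", build_message(form)["To"])
        except RejectedSubmission as err:
            print("rejected:", err)
```
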