Snowman
20-05-2004, 05:36 PM
Please read carefully. This affects you and your clients if you are using any type of FormMail script.
In the recent weeks and especially in the recent days, we have seen an increasing amount of abuse of FormMail scripts. What is basically happening is that spammers search the internet for formmail.pl or formamail.php and variations. (they can do this easily by typing eg: http://www.yourdomain.com/cgi-bin/formmail.pl) and then exploiting it with additional code at the end of the URL to send out spam messages to hundreds or often thousands of people.
We have come to the decision that we can no longer be quiet and just let it happen, as there is no real way to protect the servers from being exploited through FormMail until it happens.
Please IMMEDIATELY inform your clients to check their accounts cgi-bin or the location where their is a formmail script..
NMS Scripts (http://nms-cgi.sourceforge.net/) has written a secure version of Matt Wright's FormMail called "NMS FormMail". Please download it from http://nms-cgi.sourceforge.net and IMMEDIATELY replace your current FormMail script with it.
Once you have downloaded and installed your new formmail script require you to change the name of the actual scrip tot something inconspicous, for example instead of having a script called formmail.pl cll it joeblogs.pl this will help prevent spammers sniffing out your script.
IMPORTANT:
We will allow 48 hours for you and/or your clients to remove these scripts and replace them with the secure version, available at http://nms-cgi.sourceforge.net . After that, we will be removing any insecure FormMail scripts we find on all servers without any prior notice.
The FormMail in CPanel will also be disabled/removed.
Again, please contact your clients IMMEDIATELY about this.
We apologize for the inconvenience this may cause you, however these insecure FormMail scripts are causing serious problems, such as high server loads (spiking to 15.00 or 36.00 whenever a spammer is sending a mass-email) as well as causing server to get blacklisted by spam lists.
If you have any further queries regarding this issue please open a support ticket at the Alpine Support Helpdesk
Thank you for your assistance in keeping the servers 'clean' of spammers and at top performance.
Regards
Steve Kemp
Alpine Support
In the recent weeks and especially in the recent days, we have seen an increasing amount of abuse of FormMail scripts. What is basically happening is that spammers search the internet for formmail.pl or formamail.php and variations. (they can do this easily by typing eg: http://www.yourdomain.com/cgi-bin/formmail.pl) and then exploiting it with additional code at the end of the URL to send out spam messages to hundreds or often thousands of people.
We have come to the decision that we can no longer be quiet and just let it happen, as there is no real way to protect the servers from being exploited through FormMail until it happens.
Please IMMEDIATELY inform your clients to check their accounts cgi-bin or the location where their is a formmail script..
NMS Scripts (http://nms-cgi.sourceforge.net/) has written a secure version of Matt Wright's FormMail called "NMS FormMail". Please download it from http://nms-cgi.sourceforge.net and IMMEDIATELY replace your current FormMail script with it.
Once you have downloaded and installed your new formmail script require you to change the name of the actual scrip tot something inconspicous, for example instead of having a script called formmail.pl cll it joeblogs.pl this will help prevent spammers sniffing out your script.
IMPORTANT:
We will allow 48 hours for you and/or your clients to remove these scripts and replace them with the secure version, available at http://nms-cgi.sourceforge.net . After that, we will be removing any insecure FormMail scripts we find on all servers without any prior notice.
The FormMail in CPanel will also be disabled/removed.
Again, please contact your clients IMMEDIATELY about this.
We apologize for the inconvenience this may cause you, however these insecure FormMail scripts are causing serious problems, such as high server loads (spiking to 15.00 or 36.00 whenever a spammer is sending a mass-email) as well as causing server to get blacklisted by spam lists.
If you have any further queries regarding this issue please open a support ticket at the Alpine Support Helpdesk
Thank you for your assistance in keeping the servers 'clean' of spammers and at top performance.
Regards
Steve Kemp
Alpine Support