Snowman
14-11-2002, 08:27 AM
Please read carefully. This affects you and your clients if you are using the Matt Wright FormMail scripts.
Servers at both the Fullerton and Atlanta datacentres are affected by this.
In the recent weeks and especially in the recent days, we have seen an increasing amount of abuse of FormMail scripts. What is basically happening is that spammers search the internet for formmail.pl (they can do this easily by typing http://www.yourdomain.com/cgi-bin/formmail.pl) and then exploiting it with additional code at the end of the URL to send out spam messages to hundreds or often thousands of people.
We have come to the decision that we can no longer be quiet and just let it happen, as there is no real way to protect the servers from being exploited through FormMail until it happens.
There has been a report on SecurityFocus about the FormMail at http://online.securityfocus.com/bid/2469 . Note that all versions of Matt Wright FormMail are affected by this.
Please IMMEDIATELY inform your clients to check their cgi-bin/ or the location where their formmail.pl script is located and to check the top lines of it. Unless it says version "1.9s", the script is exploitable and MUST BE REMOVED immediately.
NMS Scripts (http://nms-cgi.sourceforge.net/) has written a secure version of Matt Wright's FormMail called "NMS FormMail". Please download it from http://nms-cgi.sourceforge.net/formmail.zip and IMMEDIATELY replace your current FormMail script with it.
Exploitable Versions:
Matt Wright FormMail 1.0
Matt Wright FormMail 1.1
Matt Wright FormMail 1.2
Matt Wright FormMail 1.3
Matt Wright FormMail 1.4
Matt Wright FormMail 1.5
Matt Wright FormMail 1.6
Matt Wright FormMail 1.7
Matt Wright FormMail 1.8
Matt Wright FormMail 1.9
Secure Versions:
NMS FormMail 1.9s
IMPORTANT:
We will allow 48 hours for you and your clients to remove these scripts and replace them with the secure version, available at http://nms-cgi.sourceforge.net/formmail.zip . After that, we will be removing any insecure FormMail scripts we find on all servers without any prior notice.
The FormMail in CPanel will also be disabled/removed.
Again, please contact your clients IMMEDIATELY about this.
We apologize for the inconvenience this may cause you, however these insecure FormMail scripts are causing serious problems, such as high server loads (spiking to 15.00 or 36.00 whenever a spammer is sending a mass-email) as well as causing server to get blacklisted by spam lists.
If you are unsure about whether you use FormMail on your site please submit a support ticket to the Helpdesk.
You may use this thread as a discussion. Thank you for your assistance in keeping the servers 'clean' of spammers and at top performance :)
Servers at both the Fullerton and Atlanta datacentres are affected by this.
In the recent weeks and especially in the recent days, we have seen an increasing amount of abuse of FormMail scripts. What is basically happening is that spammers search the internet for formmail.pl (they can do this easily by typing http://www.yourdomain.com/cgi-bin/formmail.pl) and then exploiting it with additional code at the end of the URL to send out spam messages to hundreds or often thousands of people.
We have come to the decision that we can no longer be quiet and just let it happen, as there is no real way to protect the servers from being exploited through FormMail until it happens.
There has been a report on SecurityFocus about the FormMail at http://online.securityfocus.com/bid/2469 . Note that all versions of Matt Wright FormMail are affected by this.
Please IMMEDIATELY inform your clients to check their cgi-bin/ or the location where their formmail.pl script is located and to check the top lines of it. Unless it says version "1.9s", the script is exploitable and MUST BE REMOVED immediately.
NMS Scripts (http://nms-cgi.sourceforge.net/) has written a secure version of Matt Wright's FormMail called "NMS FormMail". Please download it from http://nms-cgi.sourceforge.net/formmail.zip and IMMEDIATELY replace your current FormMail script with it.
Exploitable Versions:
Matt Wright FormMail 1.0
Matt Wright FormMail 1.1
Matt Wright FormMail 1.2
Matt Wright FormMail 1.3
Matt Wright FormMail 1.4
Matt Wright FormMail 1.5
Matt Wright FormMail 1.6
Matt Wright FormMail 1.7
Matt Wright FormMail 1.8
Matt Wright FormMail 1.9
Secure Versions:
NMS FormMail 1.9s
IMPORTANT:
We will allow 48 hours for you and your clients to remove these scripts and replace them with the secure version, available at http://nms-cgi.sourceforge.net/formmail.zip . After that, we will be removing any insecure FormMail scripts we find on all servers without any prior notice.
The FormMail in CPanel will also be disabled/removed.
Again, please contact your clients IMMEDIATELY about this.
We apologize for the inconvenience this may cause you, however these insecure FormMail scripts are causing serious problems, such as high server loads (spiking to 15.00 or 36.00 whenever a spammer is sending a mass-email) as well as causing server to get blacklisted by spam lists.
If you are unsure about whether you use FormMail on your site please submit a support ticket to the Helpdesk.
You may use this thread as a discussion. Thank you for your assistance in keeping the servers 'clean' of spammers and at top performance :)