FormMail-clone.cgi [was: Security spam hole in cgi-sys/formmail.pl re-write]

[cpanelnick]

Please update to

EDGE 4
RELEASE 5
or
STABLE 6

as soon as possible to close a hole in FormMail-clone.cgi which will allow spammers to send out unwanted email.

If you do not wish to update you can install a patched binary from:

http://host.cpanel.net/~nick/FormMail-clone.bin
into
/usr/local/cpanel/cgi-sys/FormMail-clone.cgi

-rwxr-xr-x 4 root wheel 533384 May 18 17:51 formmail.cgi*
-rwxr-xr-x 4 root wheel 533384 May 18 17:51 FormMail.cgi*
-rwxr-xr-x 1 root wheel 533384 May 18 17:51 FormMail-clone.cgi*
-rwxr-xr-x 4 root wheel 533384 May 18 17:51 formmail.pl*
-rwxr-xr-x 4 root wheel 533384 May 18 17:51 FormMail.pl*


make sure to replace all formmail scripts

[Hoster2k]

they were using formmail.pl with me. Looking at the file sizes though are they all exactly the same thing, FormMail.pl, formmail.pl, FormMail.cgi etc

[rpmws]

Just grabbed edge 4.

tailing logs .. saw hit .. saw mail leave ..panic for 10 seconds ...see mail was legit still watching. Looks like the legit use is still working. That's a plus!!! so far so good. Thank's Nick!

[SoftmegUK]

nick, upgraded to the latest version and now WHM news does not appear in the WHM any more.

[cpanelnick]

Originally posted by SoftmegUK
nick, upgraded to the latest version and now WHM news does not appear in the WHM any more.

relax and reload.. it was being updated

[SoftmegUK]

lol im relaxed now

[cpanelnick]

Originally posted by rpmws
Nick ??? is it really you??? thank you GOD!!!! thank you!!!!!!!!!!!!! Now fix Exim from hanging on to local email for hours for no reason so I don't have to run /scripts/newexim every day

Catch me on aim (cpanelnick) and I should be able to help you out with that.

[andyf]

Originally posted by bdraco
Catch me on aim (cpanelnick) and I should be able to help you out with that.

If you'd like to share that, I'm sure we'd all love to know

[web12]

I've updated 1 server just fine... but I just tried updating a second server with /scripts/upcp and it is hanging on the following:-

..Done
webmail.....Done
static-stunnel...........Done
imap..........Done
formmail.....Done
imp.....


Anything I should be doing here?

[web12]

Also,

I have done the manual stable update, but its given me release...

now that is weird.

[Tom Pyles]

eesh...perhaps I jumped the gun this morning, but I just disabled the scripts. I hated to do that to our users, however, seems like every other week, there is a new issue with the formmail.

[rpmws]

ah ha!!!! hehe

/cgi-sys/formmail.plbcc:BEWGROCK@aol.comContent-Type HTTP/1.1" 404 -


since the upcp

cPanel.net Support Ticket Number:

[torwill]

Originally posted by rpmws
ah ha!!!! hehe

/cgi-sys/formmail.plbcc:BEWGROCK@aol.comContent-Type HTTP/1.1" 404 -


since the upcp

cPanel.net Support Ticket Number:

i got the exactly same address "BEWGROCK@aol.com" sending mails....

luckily, it was fixed pretty fast.

cPanel.net Support Ticket Number:

[rpmws]

Originally posted by torwill
i got the exactly same address "BEWGROCK@aol.com" sending mails....

luckily, it was fixed pretty fast.

cPanel.net Support Ticket Number:

It's the same SOB that has been hitting us all for months. We should all figure out a way to get him really bad like ban him from all our boxes. Nick should block him with the next upcp for everyone so he can't reach half the internet.

cPanel.net Support Ticket Number:

[ccccanada]

Hello!

I followed some earlier instructions for this problem and did the following.

cd /usr/local/cpanel/cgi-sys
chmod 700 formmail.pl
chmod 700 FormMail.pl
chmod 700 formmail.cgi
chmod 700 FormMail.cgi
chmod 700 FormMail-clone.cgi

Can someone please let me know what it should be chmoded to to make the scripts work again??

Thanks

cPanel.net Support Ticket Number: