How to modify cig-sys file?

[royli57]

Hello,

One of my clients is using formmail, which resides on the server at XXXXXXXX.com/cgi-sys/formmail.pl. She said that she needed to access the formmail.pl file, but cannot access it through the FTP client. She needs to manually add emails to the formmail.pl file by editing the code.

Is there a way to give her access to this file? Can she access through FTP somewhere, or through cpanel?

thanks

Roy

[sparek-3]

The user won't be able to access the formmail.pl file in the cgi-sys directory. Even if they could, they won't be able to edit the file because it is a compiled binary.

The only solutions the user has (that I know of) would be to install their own formmail script in their cgi-bin directory. I would not recommend this, because then you or the user would have to keep up with that formmail to insure that it is up-to-date and secure of any exploits.

The best solution would be to just have the user create forwarders for their form use. They likely want to send form results to something@yahoo.com. Instead of directly mentioning something@yahoo.com as the recipient in their HTML form, have them create a forwarders in their control panel such that form@domain.com forwards to something@yahoo.com, then change the form's HTML code to use a recipient of form@domain.com.

[royli57]

Thanks for the reply.

It seems like they need to add the emails directly into the formmail script, so that spammers do not take advantage of the script. Why would the formmail be included in cpanel, if there is not a way to modify it?

I will let them know about the CGI-bin option.

thanks

Roy

[sparek-3]

I am really not sure what they are referring to. The CPanel formmail script is secure. It only allows recipients that use a domain name of an account that exists on the server.

I bet what your client is referring to, is that they want to hide their e-mail address from possible spambots. When you use formmail, you have to specify a recipient which is visible in the HTML source. The number of spambots that go around harvesting these addresses have increased and one way to avoid that is to hardcode a recipient in the formmail script. This isn't possible with the cpanel formmail script (atleast to my knowledge), although you might bring it up as an enhancement request to the cpanel developers. If the user is wanting this type of protection, they will need to use their own formmail script or code their own script to handle the form.

[royli57]

ah, I understand your meaning now. They can only send to emails that end in @theirdomain.tld.

I will set up the email forwards like you suggested, thanks for the help!

Roy

[beley]

While this might keep spammers from abusing the formmail script, it does nothing to keep spammers from getting the clients' email addresses.

Is there a way to use email aliases with the encrypted formmail script? The NMS formmail allows you to use aliases (i.e. "bob" for "bob@mydomain.com") so that spammers and bots don't pick up the email addresses in the HTML code.

I have a client that really needs to hide email addresses, and I can't think of a way to keep their emails protected without installing unencrypted formmail scripts, which I don't want. I run a search for formmails every day, so tthat would defeat the purpose.

If there was a way to send "bob" and it know that it meant "bob@domain.com" that would be perfect. Is there any way to do this with the encrypted Cpanel formmail script?

[AndyReed]

If there was a way to send "bob" and it know that it meant "bob@domain.com" that would be perfect. Is there any way to do this with the encrypted Cpanel formmail script?

Allow me to reiterate what sparek-3 said in response to the question above, "this isn't possible with the cpanel formmail script."

If a client wants to protect their email address, you need to write your own, or use any of the freely distributed scripts at: http://www.hotscripts.com/PHP/Script...ams/index.html

We modified formmail.cgi script where the email address of the sender is hard coded in the script.

[beley]

We're writing a PHP script using cURL to act as a pre-formmail processor and it will replace the email variable with the applicable email address. It's the only thing we could find that would work, without having to completely reinvent the wheel.