cpanel formmail being exploited

Discussion in 'E-mail Discussion' started by forlinuxsupport, May 7, 2008.

  1. forlinuxsupport

    forlinuxsupport Well-Known Member
    Hey


    I have the cPanel FormMail clone turned on on the server (Tweak Settings).

    Some sites however don't use / need it.

    I have found a spammer who is posting to the formmail and sending spam to the
    domain even though that domain doesn't use it.

    Here is the apache access log entry.
    194.8.75.204 - - [22/Apr/2008:07:18:09 +0100] "POST /cgi-sys/formmail.cgi HTTP/1.1" 302 280 "http://www.mysite.co.uk/contactus" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

    The site that is getting hit DOESN'T need the cPanel FormMail enabled.

    So how can I disable it for certain sites?

    Would a redirect work?
    E.g. RewriteRule ^cgi-sys/(.*)$ http://www.mysite.co.uk/ [L]

    So if they try to access the formmail, just redirect them to the main index file.

    Can I turn it OFF for certain sites? Is there a config file for this?

    Cheers
    Andy
     
  2. forlinuxsupport

    forlinuxsupport Well-Known Member
    Will the redirect stop it?
     
  3. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    I've encountered this issue myself beginning about a year ago. Unfortunately, there is no way to easily disable this on a per-site basis (Feature Manager only hides the icons).

    There's a feature request in the system to add a captcha capability to the FormMail clone to curb such spam: http://bugzilla.cpanel.net/show_bug.cgi?id=6530
     
  4. brianoz

    brianoz Well-Known Member

    There's a simpler fix. Check for \n and fields like bcc in the submitted fields and you'll stop your spammer dead in his tracks.

    Adding a captcha form may also be nice, but it's a lot more work.

    cPanel should really fix this quickly; it's not good to be distributing software that allows spammers to operate open relays by default.

    Of course, the other method for stopping this without waiting for a cPanel update is a few well-placed mod_security patterns! Like:

    Code:
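       # POST body contains "Subject:" and a Bcc form field holds an address
       SecFilterSelective POST_PAYLOAD "Subject\:" chain
       SecFilterSelective ARG_Bcc ".*\@"
       # POST body contains "Subject:" and a "bcc:" header
       SecFilterSelective POST_PAYLOAD "Subject\:" chain
       SecFilterSelective POST_PAYLOAD "\s*bcc\:"
       # Any field value with a line break followed by "bcc: ...@"
       SecFilterSelective ARGS_VALUES "\n\s*bcc\:.*\@"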
     
    #4 brianoz, May 14, 2008
    Last edited: May 14, 2008
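
The field check brianoz describes (reject line breaks and bcc-style fields in the submission), sketched as an added example that is not part of the thread and not cPanel's FormMail code. The field names in `HEADER_FIELDS` and the sample submissions are assumptions constructed for illustration.

```python
import re

# Field names assumed to be copied into mail headers by a FormMail-style script
# (hypothetical list for this example; adjust to the script actually in use).
HEADER_FIELDS = {"recipient", "email", "realname", "subject"}
# Header names a site visitor has no reason to submit as form fields.
FORBIDDEN_NAMES = {"bcc", "cc"}
# A line break followed by a bcc:/cc: header that carries an address.
INJECTED_HEADER = re.compile(r"[\r\n]\s*b?cc\s*:.*@", re.I)


def check_submission(fields):
    """Return the reasons to reject a form submission (empty list = accept)."""
    reasons = []
    for name, value in fields.items():
        lname = name.strip().lower()
        if lname in FORBIDDEN_NAMES:
            reasons.append(f"forbidden field name: {name}")
        # Values that end up in headers must be a single line.
        if lname in HEADER_FIELDS and re.search(r"[\r\n]", value):
            reasons.append(f"line break in header field: {name}")
        # Multi-line fields (e.g. the message) may contain line breaks,
        # but not ones that start a bcc:/cc: header.
        if INJECTED_HEADER.search(value):
            reasons.append(f"embedded mail header in field: {name}")
    return reasons


# Constructed sample submissions, not taken from the thread.
SAMPLES = {
    "legitimate": {"email": "visitor@example.com", "subject": "Opening hours",
                   "message": "Hello,\nare you open on Sunday?"},
    "bcc_field": {"email": "visitor@example.com", "subject": "Hi",
                  "Bcc": "a@example.net,b@example.net", "message": "text"},
    "newline_in_subject": {"email": "visitor@example.com",
                           "subject": "Hi\r\nBcc: a@example.net",
                           "message": "text"},
    "header_in_body": {"email": "visitor@example.com", "subject": "Hi",
                       "message": "text\n bcc: a@example.net"},
}

if __name__ == "__main__":
    for label, fields in SAMPLES.items():
        print(label, "->", check_submission(fields) or "accepted")
```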