Formmail, cgiemail, etc - What to do?

Discussion in 'E-mail Discussions' started by justhost, Oct 3, 2003.

  1. justhost

    Hello all

    This is an ongoing debate and discussion everywhere I go.

    Now, obviously not allowing the default cgi-sys/formail.pl script to be available is appropriate, but what if someone were to use Matt Wright's Formmail and name it, say, contform.pl? Wouldn't this eliminate (or at least greatly minimize) the SPAMMERS' bots from abusing it?

    When I read through his newest version, it just seems fairly secure? If the recipient is hardcoded into the code (i.e. instead of putting in domain.com, put in info@domain.com), wouldn't that prevent abuse?

    Just curious on people's thoughts?

    Also, how do I remove the options for Formmail and cgiemail in the cPanel CGI Center?

    What about entropychat? Secure or no? I have heard (read) a few negative things?

    Thank you.

  2. Jemshi

    As far as I know, the hole in formmail has been fixed. Spammers are no longer able to send mails using that.

    It now sends mail to domain owners only.

  3. myusername

    As far as we know....

    Do yourself a favor.

    chmod 000 all 5? mail script variants in cgi-sys. Rename it, like you say. Then chattr +i so cPanel cannot overwrite it.

    I stick with the updates, and tell a user the reason their form does not work is they need to change the action of their form to "mysupereasyfantasticmailscript.cgi"

    It is named shorter than that of course, but I won't tell you all my secrets.

    NUTSHELL: Rename one of the formmails, disable the defaults (chmod 000), and chattr them so they can't be overwritten. Tell your users the "custom action" and formmail works, bots can't spam, and all is good. (Until bots start sniffing the underlying code, rather than the script name.)

    Cheers

    :D


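The lockdown described in the last reply (chmod 000 plus chattr +i on the default mail scripts) can be verified with a small audit script. This is an added example, not part of the thread or of cPanel's tooling; the filename patterns and the `formmail` content marker used to spot renamed copies are assumptions.

```shell
#!/bin/sh
# Added example: audit a cgi-sys style directory for mail-form scripts.
# The name patterns and the "formmail" content marker are assumptions.

# Print one file's state: exposed | locked-mutable | locked-immutable | locked-unknown
script_status() {
    mode=$(stat -c %a "$1") || return 2      # GNU stat, octal permission bits
    if [ "$mode" != "0" ]; then
        echo "exposed"                        # chmod 000 is not in place
        return 0
    fi
    # Empty when lsattr is missing, unsupported here, or the file is unreadable
    attrs=$(lsattr -d "$1" 2>/dev/null | cut -d' ' -f1)
    case "$attrs" in
        "")  echo "locked-unknown" ;;
        *i*) echo "locked-immutable" ;;       # chattr +i is set
        *)   echo "locked-mutable" ;;         # an update could replace the file
    esac
}

# Print "<state> <matched-by> <path>" per candidate; return 1 if any is exposed.
audit_mail_scripts() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f" | tr 'A-Z' 'a-z')
        case "$name" in
            *formmail*|*cgiemail*) why="name" ;;
            *)  # Renamed copy: match on content (unreadable files are skipped)
                grep -qi 'formmail' "$f" 2>/dev/null || continue
                why="content" ;;
        esac
        state=$(script_status "$f")
        echo "$state $why $f"
        if [ "$state" = "exposed" ]; then rc=1; fi
    done
    return "$rc"
}

# Usage: sh audit.sh /path/to/cgi-sys   (path supplied by the operator)
if [ "$#" -gt 0 ]; then audit_mail_scripts "$1"; fi
```

A renamed copy that is meant to stay live is reported as `exposed content`, which gives an inventory of every form-to-mail script that is still reachable.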