The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

FormMail-clone.cgi [was: Security spam hole in cgi-sys/formmail.pl re-write]

Discussion in 'Security' started by cPanelNick, May 18, 2003.

Thread Status:
Not open for further replies.
  1. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Please update to

    EDGE 4
    RELEASE 5
    or
    STABLE 6

    as soon as possible to close a hole in FormMail-clone.cgi which will allow spammers to send out unwanted email.

    If you do not wish to update you can install a patched binary from:

    http://host.cpanel.net/~nick/FormMail-clone.bin
    into
    /usr/local/cpanel/cgi-sys/FormMail-clone.cgi

    -rwxr-xr-x 4 root wheel 533384 May 18 17:51 formmail.cgi*
    -rwxr-xr-x 4 root wheel 533384 May 18 17:51 FormMail.cgi*
    -rwxr-xr-x 1 root wheel 533384 May 18 17:51 FormMail-clone.cgi*
    -rwxr-xr-x 4 root wheel 533384 May 18 17:51 formmail.pl*
    -rwxr-xr-x 4 root wheel 533384 May 18 17:51 FormMail.pl*


    make sure to replace all formmail scripts
     
  2. Hoster2k

    Hoster2k Well-Known Member

    Joined:
    Jun 17, 2002
    Messages:
    131
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    UK
    they were using formmail.pl with me. Looking at the file sizes though are they all exactly the same thing, FormMail.pl, formmail.pl, FormMail.cgi etc
     
  3. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    Just grabbed edge 4.

    tailing logs .. saw hit .. saw mail leave ..panic for 10 seconds ...see mail was legit :) still watching. Looks like the legit use is still working. That's a plus!!! so far so good. Thank's Nick!
     
  4. SoftmegUK

    SoftmegUK Well-Known Member

    Joined:
    Feb 13, 2002
    Messages:
    372
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    UK
    nick, upgraded to the latest version and now WHM news does not appear in the WHM any more.
     
  5. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    relax and reload.. it was being updated :)
     
  6. SoftmegUK

    SoftmegUK Well-Known Member

    Joined:
    Feb 13, 2002
    Messages:
    372
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    UK
    lol im relaxed now :p
     
  7. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider

    Catch me on aim (cpanelnick) and I should be able to help you out with that.
     
  8. andyf

    andyf Well-Known Member

    Joined:
    Jan 7, 2002
    Messages:
    246
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    UK
    If you'd like to share that, I'm sure we'd all love to know :)
     
  9. web12

    web12 Well-Known Member

    Joined:
    Nov 20, 2002
    Messages:
    240
    Likes Received:
    0
    Trophy Points:
    16
    I've updated 1 server just fine... but I just tried updating a second server with /scripts/upcp and it is hanging on the following:-

    ..Done
    webmail.....Done
    static-stunnel...........Done
    imap..........Done
    formmail.....Done
    imp.....


    Anything I should be doing here?
     
  10. web12

    web12 Well-Known Member

    Joined:
    Nov 20, 2002
    Messages:
    240
    Likes Received:
    0
    Trophy Points:
    16
    Also,

    I have done the manual stable update, but its given me release...

    now that is weird.
     
  11. Tom Pyles

    Tom Pyles Well-Known Member

    Joined:
    Apr 26, 2002
    Messages:
    254
    Likes Received:
    0
    Trophy Points:
    16
    eesh...perhaps I jumped the gun this morning, but I just disabled the scripts. I hated to do that to our users, however, seems like every other week, there is a new issue with the formmail.
     
  12. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    ah ha!!!! hehe

    /cgi-sys/formmail.plbcc:BEWGROCK@aol.comContent-Type HTTP/1.1" 404 -


    since the upcp

    cPanel.net Support Ticket Number:
     
  13. torwill

    torwill Well-Known Member

    Joined:
    Jun 25, 2002
    Messages:
    141
    Likes Received:
    0
    Trophy Points:
    16

    i got the exactly same address "BEWGROCK@aol.com" sending mails....

    luckily, it was fixed pretty fast.:D

    cPanel.net Support Ticket Number:
     
  14. rpmws

    rpmws Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    1,824
    Likes Received:
    5
    Trophy Points:
    38
    Location:
    back woods of NC, USA
    It's the same SOB that has been hitting us all for months. We should all figure out a way to get him really bad like ban him from all our boxes. Nick should block him with the next upcp for everyone so he can't reach half the internet.

    cPanel.net Support Ticket Number:
     
  15. ccccanada

    ccccanada Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    279
    Likes Received:
    0
    Trophy Points:
    16
    Hello!

    I followed some earlier instructions for this problem and did the following.

    cd /usr/local/cpanel/cgi-sys
    chmod 700 formmail.pl
    chmod 700 FormMail.pl
    chmod 700 formmail.cgi
    chmod 700 FormMail.cgi
    chmod 700 FormMail-clone.cgi

    Can someone please let me know what it should be chmoded to to make the scripts work again??

    Thanks

    cPanel.net Support Ticket Number:
     
  16. FWC

    FWC Well-Known Member

    Joined:
    May 13, 2002
    Messages:
    354
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ontario, Canada
    Chmod them to 755.
     
  17. ccccanada

    ccccanada Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    279
    Likes Received:
    0
    Trophy Points:
    16
    I thought so but was not sure.

    Thank you

    cPanel.net Support Ticket Number:
     
  18. Elikster

    Elikster Well-Known Member

    Joined:
    Feb 8, 2003
    Messages:
    119
    Likes Received:
    1
    Trophy Points:
    18
    Formmail Not working

    I upgraded it and then checked into it and it still accepting spams from 3 hosts somewhere in Brazil for some lame ass gaming website. I got over 24K emails in just 1 hour after I patched it.

    So I had to disable it and then put the blocks on those IP addresses til this is further addressed.

    cPanel.net Support Ticket Number:
     
  19. netrilli

    netrilli Member

    Joined:
    Apr 8, 2003
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Having a problem with the upgrade.

    CPanel and WHM are not working on one of the servers.
    www.dns-nt.net/cpanel

    Any ideas?

    cPanel.net Support Ticket Number:
     
  20. jsteel

    jsteel Well-Known Member

    Joined:
    Jul 4, 2002
    Messages:
    646
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Atlanta, GA
    Check to see if WHM/cP are running. We had them not restart in the past after upgrades.

    Just go to the command line and run:

    /etc/rc.d/init.d/cpanel3 restart

    That will probably get you back up and running.
     
Loading...
Thread Status:
Not open for further replies.

Share This Page