Advice Articles

  • Beginners
    Just getting started? Loads of powerful advice here for beginners.
  • Intermediate
    Got a handle on the basics? Find more advanced topics covered here.
  • Advanced
    Warning! Advanced topics covered here.
  • Affiliate resources
    Affiliate marketing resources for affiliates and affiliate program managers tools, websites, books and articles.
  • Product reviews
    Candid reviews of the latest products to take you to the next level.


  

Advanced Search

Affiliate Marketing Forum

FAQFAQ  SearchSearch  MemberlistMemberlist  UsergroupsUsergroups   RegisterRegister ProfileProfile  Log in to check your private messagesPrivate Messages Log inLog in  
Hackers??

 Affiliate Marketing Forum Index -> General affiliate discussion
Post new topic   Reply to topic
View previous topic :: View next topic  
Author Message
Dinky



Joined: 09 Nov 2003
Posts: 25
PostPosted: Sat Nov 22, 2003 11:37 am    Post subject: Hackers?? Reply with quote
Today I noticed in my logfile the following in the failures report:
/cgi-bin/formmail.cgi
/cgi-bin/formmail.pl
/cgi-bin/FORMMAIL.PL
/cgi-bin/FormMail.cgi
/cgi-bin/FormMail.pl
/cgi-bin/Formmail.pl
/cgi-bin/mail.pl

Is this someone trying to access my server through a formmail script??

Confused...
Back to top View user's profile Send private message
aesoft



Joined: 07 Nov 2003
Posts: 15
Location: USA
PostPosted: Sat Nov 22, 2003 12:34 pm    Post subject: Reply with quote
Hi Dinky,

Not necessarily an intention to break into your server.

There are several older FormMail scripts that have some security
holes in them that allow others to exploit the scripts mainly for Spamming
purposes.

Note: This script came out way before Spamming was such a problem
and the abuse was minimal.

You can go to:
http://www.scriptarchive.com/formmail.html

and you'll notice:
"SECURITY UPDATE -- April 19, 2002 -- UPGRADE IMMEDIATELY"
Quote:
Any users who have versions of FormMail prior to v1.91, including the popular version 1.6, should upgrade immediately. v1.91 plugs several more spam-related security holes. The following fixes have also been implemented since v1.6: prevents unwanted access to environment variables and problem of receiving e-mail while using the redirect option. The script has two extra arrays (new in v1.7) you must define, but will not affect current forms or the way they appear after having been submitted.


Again, I've only ran across this from OLDER scripts and Matt's script,
the grandfather of FormMail scripts, was the most widely known script
for this breech.

All in all, you should be fine. You may want to track the IP address
and interval for future ref.

Hope this helps.
_________________
All The Best,
James
ZipBranding.com

*******************
This new software is creating a shockwave in the
internet marketing community...

Find out how to grab a Free copy today!
Back to top View user's profile Send private message Visit poster's website
View previous topic :: View next topic  
Display posts from previous:   
Post new topic   Reply to topic    Affiliate Marketing Forum Index -> General affiliate discussion All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum





Your host: Allan Gardyne.
Earning a good living from affiliate programs since 1998.