Knowledge
Base
- HOME:
FormMail
FormMail is a webpage form to email gateway, which will parse the results of a webpage form and send the results to an email address.
|
-
-
- 2. I am getting strange Formmail emails from my domain.
Here's a little background on what's happening...
One of the most popular form-to-email scripts in use today is the one that we provide for all our hosting clients - FormMail. Detailed info on FormMail can be found in the "FormMail Reference" section of your Account Manager (or try Google.com).
Because of the script's popularity and because of many major security issues with the older versions of FormMail, it is a prime target as a means for spammers to send their messages. The great advantage to the spammers when they use someone else's FormMail script is that the spam messages will originate from that someone else's domain.
To find vulnerable scripts, the spammers will probe every domain on the Internet. The probes are done via automatic scripts and are standard requests for web pages that will show in your site's log files as hits to "/cgi-bin/formmail.pl", "/cgi-bin/FormMail.pl", etc, etc, etc. Most of those hits will fail because the target doesn't exist. Once they find the system FormMail script that does exist at your site, then they proceed to test it. The results of those tests are the message that you are receiving.
Every site has a FormMail configuration file where the FormMail configuration and security options are set. The default config file allows the sending of form results to any address at the domain, but not to any other address. That makes the script pretty much useless to the spammer, but you will still get the results of some of those tests.
We have found that those probes happen infrequently at any particular domain. You may wish to simply delete the messages when they occur. ..Or you may tighten the restrictions in your config file to virtually eliminate any chance that you will receive any further probe generated messages.
This can be done by changing the "allow_mail_to" option from "your_domain.com" to "your_address@your_domain.com", where "your_address@your_domain.com" is the destination email address for any forms that you may have. If you are not using any FormMail forms then change the line to read simply "null". If you would like for Support to do that for you, just drop us a note.
Since the default config file doesn't allow sending email to other parties (which is what they are really looking for), the messages usually don't indicate any major problem. But they can act as a clue that you may want to look at and perhaps tighten up the security in your formmail config file. By using the "allow_mail_to" and "recipient_alias" options, it's pretty easy to eliminate those nuisance messages as well as hide your email addresses from view on the Internet.
Updated: September 3, 2003
-
-
|
|
|
|