North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: formmail.pl - What hack is this?
> -----Original Message----- > From: email@example.com [mailto:firstname.lastname@example.org]On Behalf Of > John Palmer (NANOG Acct) > Sent: Sunday, January 27, 2002 9:55 PM > To: email@example.com > Cc: 'BSDI users List' > Subject: formmail.pl - What hack is this? > > > > Anyone hear of some sort of a cracking method that uses cgi-bin/formmail? > I've seen alot of these in my httpd/access_log files > lately. I don't have formmail.pl anywhere on my system - I flushed all of > the cgi-bin stuff that came with apache a long time ago. > > John > A quick search at securityfocus.org reveals that there were a couple of formmail security problems and loophole that spammers used dating back to last year. Here's a link to an email in the archive on securityfocus.org that has a brief synopsis: http://www.securityfocus.org/archive/1/193497 Hope this helps, Tim