Hmm formmail weird...


EasyNetwork
08-13-03, 06:56 AM
Return-path: <----@--------------.--->
Envelope-to: LqRUgbKm@--------------.---
Delivery-date: Wed, 13 Aug 2003 06:54:57 -0600
Received: from root by --------------.--- with local (Exim 4.20)
id 19mv9V-0007ku-FL
for LqRUgbKm@--------------.---; Wed, 13 Aug 2003 06:54:57 -0600
To: LqRUgbKm@--------------.---
From: LqRUgbKm@--------------.---
Subject: http://www.--------------.---/cgi-sys/formmail.pl (210.242.69.243:80) bcc: bagnallb@aol.comVBd MIeKq K LBhTOUsNv Nx CNqk Oe1O8 3I BJfu I1PWjqjPLCfz8 EVcZ0Ko m EMWJxEHme6vroq2RNhNuT ˙FFFFCCabcdefghijklmnopqr.
Message-Id: <E19mv9V-0007ku-FL@--------------.--->
Date: Wed, 13 Aug 2003 06:54:57 -0600


I got about 11 of those messages in my mailbox, any ideas?

<<:chicken:'s NOTE: I removed the email addresses, per request by thread starter, as they aren't needed. They were delivered to his domain.>>

suppleSupport
08-13-03, 03:22 PM
We've had a number of users report this today.

It appears that there are people on the internet trying to exploit an old vulnerability in the formmail.pl script that we use. The vulnerability no longer exists, but instead of the mail being sent to the intended recipients, a copy is forwarded to the owner of the domain that was used to send the email. Therefore, the emails you receive are nothing to worry about. No mail is actually being sent out from your account/domain.

EasyNetwork
08-13-03, 03:30 PM
Good to know, thank you

suppleSupport
08-13-03, 03:33 PM
No problemo :)

net-trend
08-14-03, 07:00 AM
If you are worried still, you can always disable formmail. :)

hostdime
08-15-03, 05:26 PM
We had 233,000 of these on one box. Formmail disabled.

chmod 000 /usr/local/cgi-sys/Form*
chmod 000 /usr/local/cgi-sys/form*
chattr +ai /usr/local/cgi-sys/

;)

ABHS
08-27-03, 08:07 AM
As you know, the jackass testing the form script is an AOL user, but AOL won't do jack about it as long as the user is paying his monthly dues.

Can anyone say hack attack??

EasyNetwork
08-27-03, 08:11 AM
bagnallb@aol.com is faked...

markblair
08-27-03, 08:27 AM
Over the past week or so I've been bombarded by these messages. I was about to look for a formmail update just in case but it sounds like all is fine (except for deleting messages :rolleyes:). What I plan to do is block anything that isn't intended for a specific recipient. In each of these messages, the sender is not valid.
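
Added example, not written by any poster in this thread: a Python triage script for a mailbox full of these notifications. It counts probes per source IP from the Subject shape shown in the first post and applies the idea above of setting aside mail addressed to recipients that do not exist. The function names, sample messages, example.com addresses and documentation-range IPs are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

# Subject shape from the first post:
#   "<URL of formmail.pl> (<client IP>:<port>) bcc: <address and junk>"
PROBE = re.compile(
    r"https?://\S*/formmail\.pl\s+\((\d{1,3}(?:\.\d{1,3}){3}):\d+\)\s+bcc:",
    re.IGNORECASE,
)

def classify(raw, valid_rcpts):
    """Return ('probe', ip), ('unknown-rcpt', None) or ('deliver', None)."""
    msg = message_from_string(raw)
    m = PROBE.search(msg.get("Subject", ""))
    if m:
        return ("probe", m.group(1))
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    if rcpt not in valid_rcpts:
        return ("unknown-rcpt", None)
    return ("deliver", None)

def triage(raws, valid_rcpts):
    """Count probe notifications per source IP and tally every verdict."""
    per_ip, verdicts = Counter(), Counter()
    for raw in raws:
        verdict, ip = classify(raw, valid_rcpts)
        verdicts[verdict] += 1
        if ip:
            per_ip[ip] += 1
    return per_ip, verdicts

def _msg(to, subject):
    # Probe notifications in the thread have identical To and From.
    return f"To: {to}\nFrom: {to}\nSubject: {subject}\n\n"

# Constructed sample mailbox (not real traffic).
URL = "http://www.example.com/cgi-sys/formmail.pl"
SAMPLES = [
    _msg("LqRUgbKm@example.com", f"{URL} (192.0.2.10:80) bcc: a@example.netVBd MIe"),
    _msg("Zk3PqXw@example.com", f"{URL} (192.0.2.10:80) bcc: a@example.netQx 8Jf"),
    _msg("tT9vbn@example.com", f"{URL} (198.51.100.7:80) bcc: b@example.netLw"),
    _msg("info@example.com", "Order question"),
    _msg("xyz@example.com", "hello"),
]
VALID = {"info@example.com"}  # assumption: the only real mailbox on the domain

if __name__ == "__main__":
    per_ip, verdicts = triage(SAMPLES, VALID)
    print(per_ip.most_common(), dict(verdicts))
```
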