North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: formmail.pl - What hack is this?
- From: Tim Irwin
- Date: Sun Jan 27 22:19:08 2002
> -----Original Message-----
> From: firstname.lastname@example.org [mailto:email@example.com]On Behalf Of
> John Palmer (NANOG Acct)
> Sent: Sunday, January 27, 2002 9:55 PM
> To: firstname.lastname@example.org
> Cc: 'BSDI users List'
> Subject: formmail.pl - What hack is this?
> Anyone hear of some sort of a cracking method that uses cgi-bin/formmail?
> I've seen alot of these in my httpd/access_log files
> lately. I don't have formmail.pl anywhere on my system - I flushed all of
> the cgi-bin stuff that came with apache a long time ago.
A quick search at securityfocus.org reveals that there were a couple of
formmail security problems and loophole that spammers used dating back to
last year. Here's a link to an email in the archive on securityfocus.org
that has a brief synopsis:
Hope this helps,