Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: formmail.pl - What hack is this?

  • From: Tim Irwin
  • Date: Sun Jan 27 22:19:08 2002

> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> John Palmer (NANOG Acct)
> Sent: Sunday, January 27, 2002 9:55 PM
> To: nanog@merit.edu
> Cc: 'BSDI users List'
> Subject: formmail.pl - What hack is this?
>
>
>
> Anyone hear of some sort of a cracking method that uses cgi-bin/formmail?
> I've seen alot of these in my httpd/access_log files
> lately. I don't have formmail.pl anywhere on my system - I flushed all of
> the cgi-bin stuff that came with apache a long time ago.
>
> John
>

A quick search at securityfocus.org reveals that there were a couple of
formmail security problems and loophole that spammers used dating back to
last year.  Here's a link to an email in the archive on securityfocus.org
that has a brief synopsis:

http://www.securityfocus.org/archive/1/193497

Hope this helps,
Tim









Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.