Date: Tue, 22 Sep 1998 00:53:13 +1200 (NZST) From: Andrew McNaughton <andrew@squiz.co.nz> To: Brett Glass <brett@lariat.org> Cc: "Jan B. Koum " <jkb@best.com>, security@FreeBSD.ORG Subject: Re: Bogus hits on our Web server Message-ID: <Pine.BSF.3.96.980922004052.2304B-100000@aniwa.sky> In-Reply-To: <199809210010.SAA12487@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 20 Sep 1998, Brett Glass wrote: > By the way, just got a few more. What's this "formmail.pl" they're > testing for? there's a FormMail.pl on Matt's Script Archive, which sends the contents of a CGI form via email but can be subverted using a fudged http request so as to send to any address (referrer check). May not be this exact script they're after, but probably something along those lines. Probably you have someone looking to cover their tracks when sending mail. Spam or other nastyness. A CGI mail form should be configured with a list of mail addresses it may send to, and for what it's worth it should create a mail header containing the originating IP of the CGI request. Andrew McNaughton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980922004052.2304B-100000>