nanog mailing list archives

Re: formmail.pl - What hack is this?

From: "Steven M. Bellovin" <smb () research att com>
Date: Sun, 27 Jan 2002 22:08:44 -0500


In message <011601c1a7a7$22eae140$c89d05c7@TAKA>, "John Palmer (NANOG Acct)" wr
ites:


Anyone hear of some sort of a cracking method that uses cgi-bin/formmail?
I've seen alot of these in my httpd/access_log files
lately. I don't have formmail.pl anywhere on my system - I flushed all of
the cgi-bin stuff that came with apache a long time ago.

Spammers are actively looking for such scripts to abuse to send junk mail.
See, for example, http://securitytracker.com/alerts/2001/Mar/1001108.html


                --Steve Bellovin, http://www.research.att.com/~smb
                Full text of "Firewalls" book now at http://www.wilyhacker.com

Current thread:

formmail.pl - What hack is this? John Palmer (NANOG Acct) (Jan 27)
- Re: formmail.pl - What hack is this? Jeff Wasilko (Jan 27)
- Re: formmail.pl - What hack is this? Andy Walden (Jan 27)
- RE: formmail.pl - What hack is this? Tim Irwin (Jan 27)
- <Possible follow-ups>
- Re: formmail.pl - What hack is this? Steven M. Bellovin (Jan 27)