nanog mailing list archives

Re: formmail.pl - What hack is this?

From: Jeff Wasilko <jeffw () smoe org>
Date: Sun, 27 Jan 2002 22:06:38 -0500


On Sun, Jan 27, 2002 at 08:54:42PM -0600, John Palmer (NANOG Acct) wrote:


Anyone hear of some sort of a cracking method that uses cgi-bin/formmail?
I've seen alot of these in my httpd/access_log files
lately. I don't have formmail.pl anywhere on my system - I flushed all of
the cgi-bin stuff that came with apache a long time ago.


Spammers use it for sending spam. Early versions of FormMail
didn't do any input checking and could be used to send mail to
any recipient.

-j

Current thread:

formmail.pl - What hack is this? John Palmer (NANOG Acct) (Jan 27)
- Re: formmail.pl - What hack is this? Jeff Wasilko (Jan 27)
- Re: formmail.pl - What hack is this? Andy Walden (Jan 27)
- RE: formmail.pl - What hack is this? Tim Irwin (Jan 27)
- <Possible follow-ups>
- Re: formmail.pl - What hack is this? Steven M. Bellovin (Jan 27)