[45279] in North American Network Operators' Group
Re: formmail.pl - What hack is this?
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Sun Jan 27 22:10:26 2002
From: "Steven M. Bellovin" <smb@research.att.com>
To: "John Palmer (NANOG Acct)" <nanog@adns.net>
Cc: nanog@merit.edu,
"'BSDI users List'" <bsdi-users@mailinglists.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 27 Jan 2002 22:08:44 -0500
Message-Id: <20020128030844.AD99F7B5A@berkshire.research.att.com>
Errors-To: owner-nanog-outgoing@merit.edu
In message <011601c1a7a7$22eae140$c89d05c7@TAKA>, "John Palmer (NANOG Acct)" wr
ites:
>
>Anyone hear of some sort of a cracking method that uses cgi-bin/formmail?
>I've seen alot of these in my httpd/access_log files
>lately. I don't have formmail.pl anywhere on my system - I flushed all of
>the cgi-bin stuff that came with apache a long time ago.
>
Spammers are actively looking for such scripts to abuse to send junk mail.
See, for example, http://securitytracker.com/alerts/2001/Mar/1001108.html
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
