[45281] in North American Network Operators' Group
RE: formmail.pl - What hack is this?
daemon@ATHENA.MIT.EDU (Tim Irwin)
Sun Jan 27 22:17:16 2002
Reply-To: <tim@eng.bellsouth.net>
From: "Tim Irwin" <tim@eng.bellsouth.net>
To: "John Palmer (NANOG Acct)" <nanog@adns.net>, <nanog@merit.edu>
Cc: "'BSDI users List'" <bsdi-users@mailinglists.org>
Date: Sun, 27 Jan 2002 22:15:59 -0500
Message-ID: <LCEKLACNFGLMOPOGNBNMCELICIAA.tim@eng.bellsouth.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <011601c1a7a7$22eae140$c89d05c7@TAKA>
Errors-To: owner-nanog-outgoing@merit.edu
> -----Original Message-----
> From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of
> John Palmer (NANOG Acct)
> Sent: Sunday, January 27, 2002 9:55 PM
> To: nanog@merit.edu
> Cc: 'BSDI users List'
> Subject: formmail.pl - What hack is this?
>
>
>
> Anyone hear of some sort of a cracking method that uses cgi-bin/formmail?
> I've seen a lot of these in my httpd/access_log files
> lately. I don't have formmail.pl anywhere on my system - I flushed all of
> the cgi-bin stuff that came with apache a long time ago.
>
> John
>
A quick search at securityfocus.org reveals that there were a couple of
formmail security problems and loopholes that spammers used dating back to
last year. Here's a link to an email in the archive on securityfocus.org
that has a brief synopsis:
http://www.securityfocus.org/archive/1/193497
Hope this helps,
Tim