Web Hosting Forum | Lunarpages

Author Topic: Form Mail Exploits  (Read 5800 times)

Offline Admin

  • Über Jedi
  • *****
  • Posts: 2530
    • Lunarpages Web Hosting
Form Mail Exploits
« on: November 28, 2005, 10:12:07 AM »
Hello,
 
The following security alert is for anyone who uses a form mail script on their web site.  Form mail scripts are generally used to allow browsers to submit an email from your website.  This may include feedback forms or contact forms.  If you do not have any such feature on your site, you may disregard this notice.
 
Recently we have seen a lot of exploit (hacker) activity on PHP and CGI form mail scripts.  The majority of exploited scripts are hand coded form mail scripts.  The exploits will use the form mail to automatically send spam from the account.  (An "exploit" is a term used for a piece of code written by a malicious person to abuse a customer's account.  This is not a server vulnerability but an issue specific to the coding found in particular scripts.) The result of this is that we will receive spam warnings from AOL, Spamcop and other reporting agencies.  If we receive too many complaints, our servers are at risk of being black listed which will affect email on all servers.
 
It is very important to check your scripts to ensure they are secure.  At this time, the only form mail script we are recommending is the one found here:  http://nms-cgi.sourceforge.net/scripts.shtml.  If you are using a hand coded form mail script, it is highly recommended that you change to the NMS form mail script.
 
Regardless of which form mail script you use, it is very important you name it something random.  Please DO NOT USE the following words when naming your form mail scripts:  form, mail, contact or feedback.  People exploiting these forms search for these commonly used words on search engines to more easily identify vulnerable scripts.
 
We are currently scanning all servers to find scripts using those names as well as replying to all spam complaints.  If a script is found that was exploited or has the potential to be exploited, the script will be renamed.  This may cause your script to stop functioning so it is imperative you change your naming as soon as possible.   
 
We apologize for the inconvenience but it is necessary to take swift action in order to preserve the integrity of the servers so email is not disrupted for anyone.  If you have any questions or concerns, please contact support@lunarpages.com.   Please also see the following Lunarforums link:  [here]
 
Thank you,
Lunarpages Support
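
The naming check described in the notice above can be run against your own site files before the server scan reaches them. This is an added example, not part of the original post and not Lunarpages' scanner; the function names, the `.php`/`.cgi`/`.pl` extension list and the document-root argument are assumptions.

```shell
#!/bin/sh
# Added example: list web scripts whose file names contain any of the
# words the notice says to avoid (form, mail, contact, feedback).
# Matching is case-insensitive and applies to the file name only.
# Assumption: scripts end in .php, .cgi or .pl; extend the list as needed.

audit_formmail_names() {
    docroot=$1
    if [ ! -d "$docroot" ]; then
        echo "not a directory: $docroot" >&2
        return 2
    fi
    # First group selects script files, second group selects risky names.
    find "$docroot" -type f \
        \( -iname '*.php' -o -iname '*.cgi' -o -iname '*.pl' \) \
        \( -iname '*form*' -o -iname '*mail*' \
           -o -iname '*contact*' -o -iname '*feedback*' \) \
        -print | sort
}

# Number of flagged scripts; a clean site reports 0.
count_formmail_names() {
    audit_formmail_names "$1" | wc -l | tr -d ' '
}

# Stand-alone use: sh audit.sh /path/to/public_html
if [ "$#" -gt 0 ]; then
    audit_formmail_names "$1"
fi
```

Renaming a flagged script also means updating the `action` attribute of every HTML form that posts to it.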

 
