Chances are you're reading this because you just got an email (or a few) about insecure scripts from hostmaster@lunarpages.com, or you got an email stating that your script has been renamed.
Due to some recent exploits on some of the formmail installations, Lunarpages is actively disabling exploited/exploitable scripts following the emails being sent out.
It is highly recommended that you switch any formmailing scripts over to the nms-cgi script, which can be found at:
http://nms-cgi.sourceforge.net/tfmail.zip
When you configure it there are a few things to consider:
1) Upload the file in ASCII format - this is a primary cause of 500 server errors
2) Chmod it to 755 (unless directions specify otherwise).
3) The path to sendmail on the system can be found in the main CPanel screen (usually located in the left bar near the bottom).
4) Same with the path to perl on your server.
5) Do not name it with a name that contains "mail" or "formmail". This is not a security issue as much as the fact that there are spammer robots that crawl the web looking for files with names that contain "mail" and are a script, which they then bomb with exploit techniques, hoping to get through. This puts an unnecessary load on the server, so choosing a different name is wise.
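As an added example (not part of Ed's post or the nms-cgi project), here is a small POSIX shell pre-flight check that tests an uploaded CGI script against the five points above: line endings, mode, sendmail location, interpreter path and file name. The script path as `$1`, the constructed sample in the test, and the sendmail locations it probes are all assumptions; on a real host take the sendmail and perl paths from the CPanel screen as the post says.

```shell
#!/bin/sh
# Added example, not from the original post: a pre-flight check for a freshly
# uploaded Perl CGI form script against points 1 to 5 above. The script path
# is passed as $1; sendmail and perl are located on the local box rather than
# read off the CPanel screen (both assumptions).
# Point 1: a binary-mode FTP upload leaves CRLF line endings; the kernel then
# treats the CR as part of the interpreter name in the #! line (a classic 500).
has_unix_line_endings() {
    ! grep -q "$(printf '\r')" "$1"
}

# Point 2: owner rwx, group and other r-x. GNU stat first, BSD stat as fallback.
has_mode_755() {
    [ "$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")" = "755" ]
}

# Point 3: print the first sendmail found in the usual places, or fail.
find_sendmail() {
    for p in /usr/sbin/sendmail /usr/lib/sendmail /usr/bin/sendmail; do
        [ -x "$p" ] && { echo "$p"; return 0; }
    done
    return 1
}

# Point 4: the interpreter named on the #! line must exist and be executable.
shebang_exists() {
    interp=$(sed -n '1s/^#![ ]*\([^ ]*\).*/\1/p' "$1")
    [ -n "$interp" ] && [ -x "$interp" ]
}

# Point 5: avoid names the spam bots hunt for ("mail" anywhere, any case).
name_avoids_mail() {
    case "$(basename "$1" | tr 'A-Z' 'a-z')" in
        *mail*) return 1 ;;
        *)      return 0 ;;
    esac
}

# Run every check, report each problem, return non-zero if any hard check failed.
check_cgi_install() {
    rc=0
    has_unix_line_endings "$1" || { echo "FAIL: CRLF line endings; re-upload in ASCII mode"; rc=1; }
    has_mode_755 "$1"          || { echo "FAIL: mode is not 755; run chmod 755"; rc=1; }
    shebang_exists "$1"        || { echo "FAIL: #! interpreter missing; check the perl path"; rc=1; }
    name_avoids_mail "$1"      || { echo "FAIL: name contains 'mail'; rename to dodge spam bots"; rc=1; }
    find_sendmail >/dev/null   || echo "WARN: no sendmail in the usual places; use the CPanel path"
    return $rc
}
```

Source the file and run `check_cgi_install /path/to/your/script.cgi`; a non-zero exit means at least one of the hard checks printed a FAIL line.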
At this time, there has been no listing of PHP-based scripts with exploits. I will update this if I hear of any such announcements.
The current list of banned form mailing scripts is as follows:
Matt Wright's FormMail
EZ Formmail
Jack's FormMail
Big Nose Bird
Twebman's Mail script (the Perl version)
If you are wondering how the exploits work on some of these scripts, search the forums and you will see several examples of possible exploitable lines of code.
Please refrain from posting in this thread unless it is to update this list, etc. If you need help installing a script, please start a new thread or join in a current one.
Hope this helps!
- Ed (Kata)
Security/C++ Perl Moderator