Web Hosting Forum | Lunarpages

Author Topic: Setting up NMS FormMail  (Read 86719 times)

leighsww

  • Guest
Re: Setting up NMS FormMail
« Reply #30 on: February 01, 2007, 12:22:40 PM »
Will I lose any benefits if I go to the php method? I originally had a php script sending the form, but lunarpages told me that I had to switch to nms formmail or else they would take my script down.

As long as you code your php so that you aren't vulnerable to email injection exploits, you should be okay.

Here's a post you might want to read:

http://www.lunarforums.com/forum/index.php?topic=30571.msg238242#msg238242

Offline doran

  • Newbie
  • *
  • Posts: 5
Re: Setting up NMS FormMail
« Reply #31 on: March 22, 2007, 07:58:42 AM »
Following instructions to the letter and it worked perfectly first time. Now the recipient is being spammed similar to the snip below. Anyone have a thought?

City: Minolche de fehhan jida

Links removed
« Last Edit: June 02, 2007, 02:38:49 PM by RyanJ »

Offline sodani

  • Space Explorer
  • ***
  • Posts: 6
Re: Setting up NMS FormMail
« Reply #32 on: March 22, 2007, 08:20:53 AM »
Following instructions to the letter and it worked perfectly first time. Now the recipient is being spammed similar to the snip below. Anyone have a thought?

All of my NMS FormMail forms are getting spammed too. Does anyone know how spammers are able to do this with bots?

leighsww

  • Guest
Re: Setting up NMS FormMail
« Reply #33 on: March 22, 2007, 09:17:06 AM »
I'm getting spammed with those type codes, too.

However, rest assured that the only problem is ... that it's a nuisance.

The spammer/bot is trying to find vulnerable scripts to inject code into websites. The NMS FormMail script prevents this from happening (the script is secure from hacking, spam relays, spam harvesting, injection exploits, etc.), but unfortunately, you do receive the irritating emails submitted to the form.

Offline doran

  • Newbie
  • *
  • Posts: 5
Re: Setting up NMS FormMail
« Reply #34 on: March 22, 2007, 09:52:29 AM »
Found the snippet below on a newsgroup that pretty much describes my situation ...

Eventually I tracked down a little perl cgi ... which the web guys were
 using to email the results of form data. Spammers were using this cgi as
 a spam relay, to spam AOL customers.


Does Lunar pages provide any alternative 'form to email' options in the control panel? Seems like a lot of nifty stuff there.

If not I'll make a stab at a 'captcha' if someone could kindly point me in the right direction.

Thanks!

leighsww

  • Guest
Re: Setting up NMS FormMail
« Reply #35 on: March 22, 2007, 10:03:13 AM »
doran -

Your form can't be used as a spam relay due to the NMS FormMail code prevents that, but if you don't want to receive the irritating spam emails sent to you, then you should go to a CAPTCHA method (which would normally be coded in php), however please make sure that if a malicious person "manually" fills out your form, that your code is safe from email injection exploitation, etc. (read the very first post on this particular page and click on the link that I provided regarding email injection exploits).

Most of those email injection exploits aren't done manually, however, you never know, so you want to cover yourself just in case.

Offline doran

  • Newbie
  • *
  • Posts: 5
Re: Setting up NMS FormMail
« Reply #36 on: March 22, 2007, 01:00:43 PM »
Your form can't be used as a spam relay due to the NMS FormMail code prevents that,

which part of the code do you know, I may have it configured wrong cause the robots are definately on the attack.

Not having much luck so far with captcha, but I remain diligent...

leighsww

  • Guest
Re: Setting up NMS FormMail
« Reply #37 on: March 22, 2007, 01:30:25 PM »
which part of the code do you know, I may have it configured wrong cause the robots are definately on the attack.

There's a big difference with ONLY YOU receiving the spam attacks, or your form being used as a spam relay to shoot spam to OTHERS.

Are others getting spammed with your form that you know of?

If they aren't then your form is not being used as a spam relay, because the NMS FormMail prevents that.

The "@allow_mail_to" config is one of the security measures the NMS FormMail script uses to hinder spammers/bots from doing email injection exploits.

The info found in the posts that I previously mentioned you to read, explains about how spammers use forms for email injection exploits quite well, and you'll probably understand better what I am trying to explain if you read through it all :)

I assure you, the NMS FormMail script is secure in NOT using your form as a spam relay and the only nuisance is that YOU (and/or the email addys of those in your .pl script to which you have assigned to receive the form submissions) will be receiving the submissions to which the spammers are trying to inject malicious code, BUT they will be unsuccessful because you are using a secure form script (the NMS FormMail) which will NOT allow that to happen (they CAN'T forward spam to OTHERS using your form as a relay).

I can't explain it or be any more explicit than that, so hopefully that'll give you peace-of-mind in that regard :)

If you (and those you assign to receive the form submission) don't want to receive the "attempts"/spam, however, then you need to hinder the bots from filling out the form period, which then you need to use a CAPTCHA method for your forms. The NMS FormMail doesn't currently have a validation system for bot-form-filling, that I know of, anyway.
« Last Edit: March 22, 2007, 01:37:49 PM by leighsww »

Offline doran

  • Newbie
  • *
  • Posts: 5
Re: Setting up NMS FormMail
« Reply #38 on: March 22, 2007, 06:50:24 PM »
leighsww ..

Thanks a million for your help, it's to your credit, thank you!

Now bear in mind that my skills in this area can be plotted somewhere between Newbie and Doofus so I agree to agree with you that I am not a relay for spammers but I assure you I am being spammed in another way and I believe sodani will agree.

You'd think LunarPges would supply a spam free form to email script.

just my thoughts
doran




leighsww

  • Guest
Re: Setting up NMS FormMail
« Reply #39 on: March 22, 2007, 07:17:48 PM »
Yes, I totally agree with you that you are being spammed to, and believe me, I know what you are going through because I am receiving the exact same type spam form submissions myself (as I mentioned in my 2nd post on this page :)). Although, it's been slowing down in the last few days (didn't receive any today), so that's been great!  :happy:

Anyway, due to this post you made:

Quote from: doran
Found the snippet below on a newsgroup that pretty much describes my situation ...

Eventually I tracked down a little perl cgi ... which the web guys were
 using to email the results of form data. Spammers were using this cgi as
 a spam relay, to spam AOL customers.

I just felt I had to respond to you to make sure you knew the distinction, because that snippet isn't really your situation. Being a spam relay would be waaaaaay worse and thank heavens our forms can't be used in that manner!

Anyway, hopefully someday, somebody will figure out a way to have a CAPTCHA with the NMS FormMail script  :smiling:
« Last Edit: March 22, 2007, 07:19:20 PM by leighsww »

Offline doran

  • Newbie
  • *
  • Posts: 5
Re: Setting up NMS FormMail
« Reply #40 on: March 23, 2007, 01:03:47 PM »
Well ... after several spurts and stops, I achieved success with my form-to-email using this script  ...

http://www.hotscripts.com/Detailed/57314.html

It has catcha built in. Hope this derails the spammers.

Thanks again for your comments!!
Doran

Offline burnee

  • Newbie
  • *
  • Posts: 1
Re: Setting up NMS FormMail
« Reply #41 on: March 26, 2007, 07:35:46 PM »
Can someone set  up this formmail for me?  I am willing to pay someone, I have tried and tried and I just cant get it to work correctly.

I followed all the instructions, and just can't get it.  I am not that computer savy, and for sure not a programmer.

HELP PLEASE!

This is the site that I tried to do it if anyone wants to look at it.

http://www.aarpno.com/contact.html

I am using the other hosting company.com as a hosting company.  I had Matts script on my site and it worked fine, but they made me take it off.

 :argh:

Bernie

Offline pilgrimever

  • Trekkie
  • **
  • Posts: 10
Re: Setting up NMS FormMail
« Reply #42 on: July 24, 2007, 07:17:35 AM »
During routine maintenance, I think my form (or my script) was overwritten, so now it is not working.  The code for my perl script (melody.pl) is:
BEGIN
{
  $DEBUGGING         = 1;
  $emulate_matts_code= 0;
  $secure            = 1;
  $allow_empty_ref   = 1;
  $max_recipients    = 1;
  $mailprog          = '/usr/sbin/sendmail -oi -t';
  $postmaster        = '';
  @referers          = qw(extreme-dispatch.com localhost);
  @allow_mail_to     = qw(info@extreme-dispatch.com localhost);
  @recipients        = ();
  %recipient_alias   = ();
  @valid_ENV         = qw(REMOTE_HOST REMOTE_ADDR REMOTE_USER HTTP_USER_AGENT);
  $locale            = '';
  $charset           = 'iso-8859-1';
  $date_fmt          = '%A, %B %d, %Y at %H:%M:%S';
  $style             = '/markstyle.css';
  $no_content        = 0;
  $double_spacing    = 1;
  $wrap_text         = 0;
  $wrap_style        = 1;
  $address_style     = 0;
  $send_confirmation_mail = 0;
  $confirmation_text = <<'END_OF_CONFIRMATION';
From: info@extreme-dispatch.com
Subject: form submission

Thank you for your form submission.

END_OF_CONFIRMATION

The code on my form is as follows:
<form name="requestinfo" method="post" action="./cgi-bin/melody.pl">
   <input type="hidden" name="subject" value="Request Information">
   <input type="hidden" name="required" value="Lname,Fname,City,State,Phone,email">
   <input type="hidden" name="redirect" value="http://www.Extreme-Dispatch.com/thanks.html">
   <input type="hidden" name="missing_fields_redirect" value="http://www.Extreme-Dispatch.com/missingfields.html">

Any help would be gratefully received.  Thanks.

leighsww

  • Guest
Re: Setting up NMS FormMail
« Reply #43 on: July 26, 2007, 01:48:29 PM »
Go to this following post and see if any one of those is your problem:

http://www.lunarforums.com/index.php?topic=28881.msg225070#msg225070

It's probably the permissions on the .pl script needs to be reset to 755.

Offline pilgrimever

  • Trekkie
  • **
  • Posts: 10
Re: Setting up NMS FormMail
« Reply #44 on: July 27, 2007, 07:36:51 AM »
You're right - it was the permissions that was the problem.  Thanks very much for your assistance!

 

Share |