Re: How can my cgi form script be used by spammers?!!

Home	Messages Index

[Date Prev]	[Date Next]	[Thread Prev]	[Thread Next]

Author Index	Date Index	Thread Index

Re: How can my cgi form script be used by spammers?!!

Subject: Re: How can my cgi form script be used by spammers?!!
From: Tha RagMan <wmercier.nospam@xxxxxxxxxx>
Date: Sun, 12 Feb 2006 14:16:04 GMT
Newsgroups: alt.www.webmaster
Organization: EarthLink Inc. -- http://www.EarthLink.net
References: <j_6dndfu1e0B43PeRVn-tg@trueband.net> <11ut0mieute6u75@corp.supernews.com> <brOdnXgaAcYXG3PeRVn-vw@trueband.net> <dsmodh$s0s$1@godfrey.mcc.ac.uk>
Reply-to: wmercier.nospam@xxxxxxxxxx
Xref: news.mcc.ac.uk alt.www.webmaster:316579

On Sun, 12 Feb 2006 07:18:52 +0000, Roy Schestowitz
<newsgroups@xxxxxxxxxxxxxxx> wrote:

>__/ [BG] on Sunday 12 February 2006 00:51 \__
>
>> 
>> "SmakDaddy" <smakdaddy@xxxxxxxxxxxxxxxxxxx> wrote in message
>> news:11ut0mieute6u75@xxxxxxxxxxxxxxxxxxxxx
>>>
>>> "BG" <johndoe@xxxxxxxxxxxxxxx> wrote in message
>>> news:j_6dndfu1e0B43PeRVn-tg@xxxxxxxxxxxxxxx
>>>> Several years ago I bought a nifty little program called CGI Star Pro and
>>> it
>>>> automatically created cgi script for my forms.  I am not nor have I ever
>>>> been a hacker, but I have reason to believe that these old cgi scripts
>>>> are
>>>> an open door for spammers.  I just basically went through and jerked all
>>> the
>>>> scripts and replaced with a standard contact page and an email address.
>>>>
>>>> Anyway, now I have a client that really, really wants a form.  What is a
>>>> really good, secure solution that can be used for this?  TIA
>>>>
>>>> BG
>>>>
>>>>
>>>
>>> http://phorm.com
>> 
>> This looks pretty good.  Thanks for the tip!
>> 
>> BG
>
>Choose an arcane or a rarely-used script that will not leave doors open to
>widely-known exploits. If the form has identifiers or attributions in it
>(e.g. a footer with link(s) to the homepage of the package, version numbers
>in the header), then remove them. There are automated tool to search for
>such pages and attempt to smash the common back doors.
>
>Failing that, tailor your own form or create a 'mutant' from a common
>successful and reliable script. Taking Advanced Guestbook, for example, I
>once installed it and got spammed every day. I then used a more secure
>derivative to replace it. The outcome: I only got spammed twice in about 6
>months. Saved me /a lot/ of trouble.
>
>Hope it helps,
>
>Roy

Take a look at the formmail program these folks offer.
http://www.oneseek.com/formmail.htm I purchased it several years ago
and have never had a security problem. It also does many things that I
needed automated. It is reasonably priced and they also offer a
freebie version. I have no affiliation to these people other then
being a satisfied customer. 
Best of luck.
Tha RagMan

References:
- Re: How can my cgi form script be used by spammers?!!
  - From: Roy Schestowitz

[Date Prev]	[Date Next]	[Thread Prev]	[Thread Next]

Author Index	Date Index	Thread Index