The war on Spam

**NexDog** · 04-16-2002, 09:27 AM

The war on spam is long and arduous and we are going to start getting tough. Obvious people signing up for the cheapest plan and immediately mailbombing happens every now and then but they are caught quickly and measures are taken.

There is another problem: Formmail.

At the moment spam is relaying through Beta particularly heavily. Alpha seems to have quietened down a little but the spam is still there.

This is everyone's problem!

Spam will slow the mail server down and enough spam gets through, it's only a matter of time until our IPs get blacklisted. Spammers are exploiting your formmail scripts, in particular Matt's Archive Formmail 1.6. If you are using this script, upgrade to 1.9 immediately. 1.6 is totally exploitable.

There are 97 instances of formmail on Alpha and 42 on Beta. Alot are Matt's scripts. It's time to start locking down these scripts. Upgrading that script, if you have it, will help.

If you have a custom script, you should send it to us for a security review.

mobstory · 04-16-2002, 09:52 AM

I don't have any form mail installed but I used to use alienform. Are you aware of any problems with that program before I set it up?

Fox · 04-16-2002, 11:27 AM

Is our very own HN Mike's Simple Form a problem at all?

miro · 04-16-2002, 12:22 PM

Quote:

it's only a matter of time until our IPs get blacklisted

I have already had email bounce more than once from spam-blockers

smort · 04-16-2002, 04:54 PM

I had bounced email with my PREVIOUS web host due to their being blacklisted. I've had no problems here with email, and don't use form mail. I'm not even sure what that is!

**Mike** · 04-16-2002, 09:45 PM

Fox and Everyone Else,

The SimpleForm CGI script available here is reasonably secure. I had built in spam protection when I made it.

- Mike

Nelix · 04-17-2002, 05:34 AM

Any chance of an Official PHP formail script any time soon???

**NexDog** · 04-17-2002, 07:15 AM

Not PHP but Matt's Archive Scripts Formail ver1.9 is secure for now.

Nelix · 04-17-2002, 08:17 AM

my formail is setup so that it doesnt have a receipant email address field - it is just sent to my email address.
could this still mean ppl could u it for spamming???

Darkman · 04-17-2002, 08:12 PM

Matt's Archive Formmail has been revised for PHP as well, and its secure as well... its avaiable to download...