[Techtalk] help! what kind of hack is this?
Maria Blackmore
mariab at cats.meow.at
Mon May 26 01:59:16 EST 2003
On Sun, 25 May 2003, Carla Schroder wrote:
> I keep getting these odd messages in my inbox- there are absolutely no forms
> on bratgrrl.com, and I certainly wouldn't use the notoriously insecure Matt
> Wright's scripts anyway. Anyone know what this means?
Presumably, it means that the machine that is hosting you website has the
formmail script installed.
Indeed the line
> Return-Path: <postmaster at janus.affordablehost.com>
Would suggest this, as would this line
> X-Script-URL: http://bratgrrl.com:80/cgi-bin/formmail.pl
It would appear that your webhost is trying to be "helpful"
$ telnet bratgrrl.com 80
Trying 216.46.203.144...
Connected to bratgrrl.com.
Escape character is '^]'.
GET /cgi-bin/formmail.pl HTTP/1.0
Host: bratgrrl.com
HTTP/1.1 200 OK
Date: Mon, 26 May 2003 00:52:06 GMT
Indeed, formmail.pl is one of the most requested addon services for web
hosting, where I work. So much so that we insist on customers using our
own version with extra safeguards, instead of installing their own (and
slapping the wrists of those that do install their own :)
Maria
More information about the Techtalk
mailing list