[Techtalk] help! what kind of hack is this?

Maria Blackmore mariab at cats.meow.at
Mon May 26 01:59:16 EST 2003

On Sun, 25 May 2003, Carla Schroder wrote:

> I keep getting these odd messages in my inbox- there are absolutely no forms 
> on bratgrrl.com, and I certainly wouldn't use the notoriously insecure Matt 
> Wright's scripts anyway. Anyone know what this means?

Presumably, it means that the machine that is hosting you website has the
formmail script installed.

Indeed the line

> Return-Path: <postmaster at janus.affordablehost.com>

Would suggest this, as would this line

> X-Script-URL: http://bratgrrl.com:80/cgi-bin/formmail.pl

It would appear that your webhost is trying to be "helpful"

$ telnet bratgrrl.com 80
Connected to bratgrrl.com.
Escape character is '^]'.
GET /cgi-bin/formmail.pl HTTP/1.0
Host: bratgrrl.com

HTTP/1.1 200 OK
Date: Mon, 26 May 2003 00:52:06 GMT

Indeed, formmail.pl is one of the most requested addon services for web
hosting, where I work.  So much so that we insist on customers using our
own version with extra safeguards, instead of installing their own (and
slapping the wrists of those that do install their own :)


More information about the Techtalk mailing list