httpd-users mailing list archives

From "M.v.Buytene" <mart...@sigterm.nl>
Subject RE: formmail.pl and redirection
Date Tue, 12 Mar 2002 21:09:10 GMT
He can't hardcode recipients into his formmail.pl.
He wants to rewrite customers' formmail.pl's and doesn't know who the
customers' recipients are, I guess. I bet he does the antispam after the
formmail.pl with a nifty sendmail cfg.


Regards,

M.v.Buytene

On Tue, 12 Mar 2002, Joshua Slive wrote:

>
> > From: Mike [mailto:mike@ironmikie.nl]
>
> > The formmail.pl resides on
> > scripts.test2.nl/cgi-bin/formmail/formail.pl actually.
> >
> > I did add www.test.nl to the @referer with IP and I added it to
> > the hosts file. But this is the test case. Actually it must work
> > with more than 1000 virtual domains.
>
> I have not looked at this exact script, but I hope you realize that blocking
> access to formmail.pl by referer is completely pointless.  Any two-bit hacker
> can fake the referer header.  Any two-and-a-half-bit hacker can design a
> robot to find references to formmail.pl on webpages and automatically fake
> the correct referer header.
>
> The only safe way to do a mailto cgi as far as I know is to hardcode the
> recipient into the script.  Otherwise, you are just inviting spammers to
> abuse you.
>
> Joshua.
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
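
The point made in the quoted reply, as an added Python sketch that is not part of the original messages and is not formmail.pl's own code: a Referer gate still mails whatever address the request supplies, while a server-side lookup does not. The table, the `form_id` field and all addresses are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed operator-side table: one fixed recipient per customer form.
# The keys, the "form_id" field and all addresses are assumptions.
RECIPIENTS = {
    "test.nl/contact": "info@test.nl",
    "example.org/orders": "sales@example.org",
}
ALLOWED_REFERERS = {"www.test.nl", "www.example.org"}


def referer_gated_recipient(headers, form):
    """Pattern discussed in the thread: check Referer, then trust the form."""
    host = urlsplit(headers.get("Referer", "")).hostname
    if host not in ALLOWED_REFERERS:
        return None
    return form.get("recipient")  # address still chosen by the client


def fixed_recipient(headers, form):
    """Recipient comes only from the server-side table; Referer is ignored."""
    return RECIPIENTS.get(form.get("form_id", ""))


# Constructed request: both the header and the form fields are client input.
REQUEST_HEADERS = {"Referer": "http://www.test.nl/contact.html"}
REQUEST_FORM = {
    "form_id": "test.nl/contact",
    "recipient": "someone@elsewhere.invalid",
    "message": "hello",
}

if __name__ == "__main__":
    print("referer-gated:", referer_gated_recipient(REQUEST_HEADERS, REQUEST_FORM))
    print("fixed lookup: ", fixed_recipient(REQUEST_HEADERS, REQUEST_FORM))
    print("unknown form: ", fixed_recipient({}, {"form_id": "nope"}))
```

With a table like this, one shared script can serve many virtual domains without any recipient appearing in a form.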



