Comments for A spammer is using my cgiemail, what do I do?

Comment from Brian on 2009-01-03

2009-01-03T15:16:03Z

For a real solution that introduces an optical security feature bundled in a PHP program that is easily implemented and thoroughly documented FOR FREE, go to:
http://www.dagondesign.com/articles/secure-php-form-mailer-script

Regarding question: Is there a way to find all pages that use cgiemail?

Well, the simple way would be to remove all permissions from the cgi-script...then they will come to you when it no longer works!

]]>

A comment on: A spammer is using my cgiemail, what do I do?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Rick on 2008-07-06

2008-07-06T16:12:54Z

Thanks for this script, Leo. The only problem that I am having is getting the prefix "required-" to work. I must be missing something, but if the form has a field input name "required-firstName" and the template has [required-firstName] one can still send the form without filing in the first name field.

Other than that, it works great and I love the new parameter prefixes. Thanks.

Rick

]]>

A comment on: A spammer is using my cgiemail, what do I do?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Maryann on 2006-11-28

2006-11-28T22:44:52Z

Hello,

I would like to use tmail.pl but my hosting service does not support it. They say to use the NET::SMTP component, as opposed to Sendmail.

Do you know what that means and how I get around it?

Thanks
Maryann

]]>

A comment on: A spammer is using my cgiemail, what do I do?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-11-02

2004-11-02T21:32:14Z

Don't know if there is one, but this would be the place to start looking: http://web.mit.edu/wwwdev/cgiemail/

]]>

A comment on: A spammer is using my cgiemail, what do I do?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Larry on 2004-11-02

2004-11-02T13:27:28Z

Does anyone have a "patched" copy of cgiemail that I can simply ftp upload to my server to overwrite my existing one? I am not a "c" programmer and don't have a compiler either.

Any help is appreciated.

]]>

A comment on: A spammer is using my cgiemail, what do I do?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2004-07-20

2004-07-20T21:34:03Z

A poorly designed template can still be exploited. Do let me know if you find out something more.

]]>

A comment on: A spammer is using my cgiemail, what do I do?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Jef Spelman on 2004-07-20

2004-07-20T21:26:16Z

Hello,
It has been brought to my attention that tmail is exploitable. I am in the process of working out with my SA where the problem lies, please feel free to contact me via telephone at 407.445.3033x2167. I am available from 4PM-12AM tuesday through saturday.

]]>

A comment on: A spammer is using my cgiemail, what do I do?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from LeoN on 2003-10-18

2003-10-19T05:39:02Z

For the record: tmail.pl is in Perl, and once you download it it's easy to modify and you can do so to your heart's content.

Leo

]]>

A comment on: A spammer is using my cgiemail, what do I do?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Kit Peters on 2003-10-18

2003-10-18T15:16:21Z

Well, by default there's a header field enabled:

"X-Mailer: cgiemail "

If one personally doesn't expect to recieve mail generated by a web form (which, if one doesn't have a website with such a form, is a pretty safe bet) one can add a filter to block mails coming with that particular header.

That's an individual, and not systematic, solution, however. I myself prefer FormMail because the source is more easily modifiable, and you don't have to compile it.

]]>

A comment on: A spammer is using my cgiemail, what do I do?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2003-10-17

2003-10-18T05:46:07Z

"Is there a way to find all pages that use cgiemail?" Not that I'm aware of offhand. Search engine cataloging of the usage of cgiemail is spotty at best, since most of the search engines avoid a lot of dynamic content and/or cgi scripts. Most ISPs are (or should be) on various security mailing lists that have discussed this issue. It's quite common to find cgiemail on ISP provided web hosts, and if they're on top of things, they'll be aware of the problem. Certainly they will be if they get hijacked.

Leo

]]>

A comment on: A spammer is using my cgiemail, what do I do?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Carl Manaster on 2003-10-17

2003-10-18T05:23:12Z

Is there a way to find all pages that use cgiemail? It would be a great service to all of us if someone could find them all and email the webmasters to inform them of the spammer hijacking risk and possible fixes.

]]>

A comment on: A spammer is using my cgiemail, what do I do?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.