RootsWeb.com Mailing Lists
    1. [EUDORA] New Website FormMail Threat (Also Applicable to List Managers)
    2. George W. Durman
    3. A few days ago, I received an email with the Subject: Re: unsubscribe, and only one word in the body, "unsubscribe". The sender did not indicate from which List he wished to be unsubscribed. I searched through the user lists for the 21 Lists I manage and couldn't find his address. So, I replied to him, asking for clarification. (The "unsubscribe" email came to me privately, not through Rootsweb.)

       Today I received a reply from him explaining what had happened. I still don't know how the "FormMail Threat" works, but somehow it can "spoof" email addresses. Heaven knows why anyone would want to spoof an unsubscribe email! It's not clear if the email I received was generated as a result of someone scanning my website at Rootsweb or the website of the person whose address was "spoofed".

       If anyone knows anything about this, please reply here for the benefit of us all. Below is an extract of the pertinent part of the email I received.

       SgtGeorge

       ============================================
       ,,,,,,,,,,

       New Threat #1

       Reader Mort Goldberg sent me a "heads up" note about two new threats, one of primary interest to people with their own web sites, and one that potentially affects us all. First, here's the one that affects site owners:

       1) Formmail Vulnerability

       During the past few weeks, there has been a flood of spam being relayed through innocent third-party webservers all over the world. The problem turns out to be a security hole in the widely used Matt Wright formmail.pl PERL Script. Briefly, spammers have discovered that the unmodified script is vulnerable to spoofing of the HTTP_REFERER value. The effect of this hack is to turn the script into an anonymizing open relay. Apparently, some script kiddie has even come up with a program to rapidly scan websites and pinpoint those with vulnerable formmail scripts. ...

       It is possible to patch the formmail script, and I have heard from a couple of webmasters fluent in PERL who have done so. However, according to well-known anti-spammer and UNIX expert [and LangaList reader] Suresh Ramasubramanian, the best course of action is to abandon formmail entirely and change to an alternative. (His exact words: "Ditch formmail.pl - even if you patch it it won't work too well and there are other holes.")

       There are at least three alternatives of which Suresh is aware. One of these, available at http://www.bignosebird.com/, is, according to Suresh, also very easy to hack. He likes a second one, available at http://www.extropia.com/freedownloads.html (also called "Selena Sol") a little better. But his best recommendation is the "mailer" script available at http://www.geekgiveaways.com/code/ .

       I have looked over the documentation at http://www.geekgiveaways.com/code/mailer.html , and from what little I know, it *does* seem to be designed from the git-go to be far more resistant to hacking than formmail. However, it also appears to be considerably more trouble than formmail to set up. Definitely not for newbies.

    06/01/2001 05:02:28
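
The Referer weakness described in the message above, modelled as an added example (not code from formmail.pl, the newsletter or the list post): a handler that gates on the Referer header and mails to an address taken from the request, next to one that keeps recipients in a server-side table. The function names, the `recipient` and `to_key` fields, and all hosts and addresses are assumptions constructed for illustration; the CR/LF check is a general precaution for mail forms, not something the message describes.

```python
from urllib.parse import urlsplit

ALLOWED_REFERER_HOSTS = {"www.example.org"}         # constructed site name
RECIPIENTS = {"contact": "webmaster@example.org"}   # constructed; lives on the server


def weak_accept(headers, form):
    """Referer-gated handler: trusts a header and a recipient the client supplies."""
    host = urlsplit(headers.get("Referer", "")).hostname
    if host not in ALLOWED_REFERER_HOSTS:
        return None
    return form.get("recipient")    # mail goes wherever the request says


def hardened_accept(headers, form):
    """Ignore Referer; resolve a form key to a fixed address; reject CR/LF."""
    to = RECIPIENTS.get(form.get("to_key", ""))
    if to is None:
        return None                 # unknown key: nothing is sent
    for field in ("email", "subject"):
        if any(c in form.get(field, "") for c in "\r\n"):
            return None             # line breaks must not reach mail headers
    return to


# Constructed requests. Every value in them is chosen by the client.
FORGED = (
    {"Referer": "http://www.example.org/contact.html"},
    {"recipient": "stranger@example.net", "to_key": "stranger@example.net",
     "email": "visitor@example.com", "subject": "hello"},
)
LEGIT = (
    {},  # no Referer at all, as some browsers and proxies send
    {"to_key": "contact", "email": "visitor@example.com", "subject": "hello"},
)

if __name__ == "__main__":
    for name, (headers, form) in (("forged", FORGED), ("legit", LEGIT)):
        print(f"{name}: weak -> {weak_accept(headers, form)}, "
              f"hardened -> {hardened_accept(headers, form)}")
```

The Referer gate fails in both directions: it passes the forged request and drops the genuine one that arrived without the header, while the server-side table is unaffected by either.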