formmail.pl: What is it and/or where to get it?

Discussion in 'HTML' started by martin weinberger, Feb 8, 2004.

  1. Hi all,

    I was using FrontPage 2002 but upgraded at somepoint to Dreamweaver.
    Anyways, I was looking at my website logs and noticed a whole bunch of error
    pages being shown everyday. The webhost company came back and said that is
    because of the missing file

    /cgi-bin/formmail.pl

    I did a search inside all of my webpages, but the search turned up nothing
    for "formmail.pl". I did a Google search and it appears that ".pl" means
    that the file in question is a Perl script that that this file deals with
    web email. I have email links on my site, but... Where am I supposed to get
    this file and its dependancies or better yet how do I get my website to not
    want this file and its dependancies.

    Thanks a lot in advance. I'm sorry if this quesiton sounds stupid, but there
    is still much that I don't know about HTML and web design.

    --
    Martin A. Weinberger
    ButterflyVista
    http://www.butterflyvista.com/
    (when responding to me by email, remove the "X_" from the beginning)
    martin weinberger, Feb 8, 2004
    #1
    1. Advertising

  2. martin weinberger

    Nik Coughin Guest

    martin weinberger wrote:
    > Hi all,
    >
    > I was using FrontPage 2002 but upgraded at somepoint to Dreamweaver.
    > Anyways, I was looking at my website logs and noticed a whole bunch
    > of error pages being shown everyday. The webhost company came back
    > and said that is because of the missing file
    >
    > /cgi-bin/formmail.pl
    >
    > I did a search inside all of my webpages, but the search turned up
    > nothing for "formmail.pl". I did a Google search and it appears that
    > ".pl" means that the file in question is a Perl script that that this
    > file deals with web email. I have email links on my site, but...
    > Where am I supposed to get this file and its dependancies or better
    > yet how do I get my website to not want this file and its
    > dependancies.
    >
    > Thanks a lot in advance. I'm sorry if this quesiton sounds stupid,
    > but there is still much that I don't know about HTML and web design.



    You neither have nor need it. The reason it shows up in your error logs is
    that people who send mass spam are trying to use your site to forward spam
    email. Because you don't have it (formmail.pl), they cannot do so and when
    they try to access it it shows an error in your log.

    From http://www.mailvalley.com/formmail/:

    "Formmail.pl, one of the most-used perl scripts on the Web, is designed to
    send data entered into a Web form to an e-mail address. This script could be
    exploited by a malicious user who could use Formmail as a spam server. If
    you use this script, spammers may be able to use it to send spam freely
    using your server's resources.
    A L E R T !!!
    Formmail exploit is getting worse day by day. The real horror is that you
    may not even know if your server is exploited or not. A spammer can exploit
    your formmail script to flood thousands of Internet users with junk mail.
    The mail header will show your domain name and not even the spammer's IP
    address. Unfortunately, The recipient of spam will yell at you and not at
    the spammer. Such incidents have already been reported."
    Nik Coughin, Feb 8, 2004
    #2
    1. Advertising

  3. Wow! I should do nothing then?

    Thanks!

    --
    Martin A. Weinberger
    ButterflyVista
    http://www.butterflyvista.com/
    (when responding to me by email, remove the "X_" from the beginning)
    martin weinberger, Feb 9, 2004
    #3
  4. martin weinberger

    Nik Coughin Guest

    martin weinberger wrote:
    > Wow! I should do nothing then?
    >
    > Thanks!


    Yes, best to do nothing. There are a lot of files like this that people
    will request from your website in order to try and compromise your security,
    so keep that in mind in future when you see similar error messages in your
    log :)
    Nik Coughin, Feb 9, 2004
    #4
  5. martin weinberger wrote:

    > Wow! I should do nothing then?


    Yep.

    Your website doesn't seem to need formmail.pl, so why worry about it?

    The number of hits you are getting for it is probably just spammers
    loooking for a copy of it, because certain early versions of formmail.pl
    can be used to relay spam.

    --
    Toby A Inkster BSc (Hons) ARCS
    Contact Me - http://www.goddamn.co.uk/tobyink/?page=132
    Toby A Inkster, Feb 9, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. lokisapocalypse

    formmail

    lokisapocalypse, Feb 2, 2004, in forum: Perl
    Replies:
    2
    Views:
    804
    Oliver Frick
    Feb 4, 2004
  2. Kurt
    Replies:
    1
    Views:
    527
    Gunnar Hjalmarsson
    Apr 1, 2004
  3. Craig

    FormMail.pl error

    Craig, May 7, 2004, in forum: Perl
    Replies:
    0
    Views:
    839
    Craig
    May 7, 2004
  4. Hmmm...
    Replies:
    4
    Views:
    2,080
    ChrisO
    Sep 6, 2004
  5. Olen R. Pearson

    FormMail Problem

    Olen R. Pearson, May 23, 2005, in forum: Perl
    Replies:
    0
    Views:
    2,811
    Olen R. Pearson
    May 23, 2005
Loading...

Share This Page