From: Robert Wall <rwall@li...> - 2006-05-28 22:25:04
"Eek!" - my sentiments exactly, followed by "Oh NO!". Sorry to muck up your
Yes, the form is in cgi-bin/ (parallel to the httpdocs/ which is the root
of the browseable web site),
and the config is "res.trc", also in cgi-bin. According to Easily, the
"To browse files in the cgi-bin directory,
http://www.domain.com/cgi-bin/filename. Please note that the specific URL
http://www.domain.com/cgi-bin/ is NOT browsable. "
(There's also a "dep.trc" which is the config for a form (deposit.php) for
taking a credit card number and encrypting the details, but that's a php
page and the filename isn't published. So far, they haven't found it).
I'm having trouble seeing how a session key might help. If I were writing a
program to do what my spammer is doing, I'd parse the web form to gather
the field names data, then respond in a way that, from my server's end,
looks just like a browser and will (or could be made to once they realise
there's something unique) have the same functionality. So won't it return
the session key just the same? Surely it will tomorrow if not today. I
admit while my thoughts were along the lines of:
[fieldlist] includes [any from a list of spam phrases]
issue a 403 error (or whatever) and die
I can readily see more than a few reasons for you to want not to go down
this route, after all it's duplicating an email spam filter.
I've had 2 spams, both from the same IP address, shortly after I swapped to
TFMail and before I moaned to leaseweb. It looks as if they acted promptly
because I've seen nothing more since midday today (and there were three to
the old Formmail yesterday morning).
I think it might be an idea to suggest in the documentation to always put
the IP address in the email as an anti-spam device.
Many thanks (so far - I have a nasty feeling this will run and run . . . )
Robert Wall BSc CEng MIEE
Chartered Electrical Engineer
472 Walsall Road
Birmingham B42 2LU
T: +44 (0) 121 356 5375
(Ensure you include the phrase "(EGBB)" in the subject line of your reply,
otherwise it will be rejected as Spam)
On 28/05/2006 14:37:20, Jonathan Stowe (jns@...) wrote:
> On Sun, 2006-05-28 at 06:23, Robert Wall wrote:
> > Further to my recent msg re Spam via FormMail,
> I've converted to
> > TFMail v1.38 and within 20mins was spammed. Each of the text fields
> > have been filled in with "[url=http .... [/url]"
> > Here's
> the email that TFMail sent me:
> Eek! And you uploaded the program as TFmail.pl
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.392 / Virus Database: 268.7.0/345 - Release Date: 22/05/2006