From: Jonathan S. <gel...@ge...> - 2001-11-14 09:10:21
Over the next while I am going to put in a number of potentially incompatible-with-matts-code changes into FormMail.pl that are designed to prevent as far as possible someone who installs this program becoming the unwitting pawn of spammers. These are switched on by setting $secure in the configuration - setting $emulate_matts_code will switch them off - there should be a caveat in the documentation.

The first change I have here is to compare the actual IP of the referring host with any IP numbers in @referers - the aim of this is to encourage people to use this check where it would otherwise be difficult (say in a shared hosting environment where one script is used by multiple virtual hosts).

I am quite aware that the referer is trivially spoofed if one is creating one's own HTTP request; however, this check is probably sufficient to prevent the more naive attempts to use the program as an anonymous mailer.

The code I have put in is only a suggestion - if anyone has a better implementation then feel free to fix them.

/J\
--
Jonathan Stowe | <http://www.gellyfish.com> | This space for rent
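
One way to implement the check described in the message above, as an added example that is not the code committed to FormMail.pl: when $secure is set, the Referer's host is resolved and its addresses are compared with the IP entries in @referers. The names check_referer and resolve_ips, the injectable resolver, the subdomain matching rule and the sample hosts are assumptions made for this example.

```perl
use strict;
use warnings;
use Socket qw(inet_ntoa);

# Assumed helper: IPv4 addresses a host name currently resolves to.
sub resolve_ips {
    my ($host) = @_;
    my @entry = gethostbyname($host) or return;
    return map { inet_ntoa($_) } @entry[4 .. $#entry];
}

# Returns 1 if the Referer's host is allowed by @$referers, else 0.
sub check_referer {
    my ($referer, $referers, $secure, $resolver) = @_;
    $resolver ||= \&resolve_ips;

    # Skip any user:pass@ prefix so the host actually named is compared.
    return 0 unless defined $referer
        && $referer =~ m{^https?://(?:[^/\@]*\@)?([\w.-]+)}i;
    my $host = lc $1;

    my $ips;    # resolved at most once, and only if an IP entry needs it
    for my $allowed (map { lc($_) } @$referers) {
        if ($allowed =~ /^\d{1,3}(?:\.\d{1,3}){3}$/) {
            return 1 if $host eq $allowed;    # Referer used the IP itself
            next unless $secure;              # emulation mode: no lookup
            $ips ||= [ $resolver->($host) ];
            return 1 if grep { $_ eq $allowed } @$ips;
        }
        elsif ($host eq $allowed or $host =~ /\.\Q$allowed\E$/) {
            return 1;                         # same host or a subdomain
        }
    }
    return 0;
}

# Constructed sample data: documentation names and addresses only.
my %dns  = ('shop.example.net'  => ['192.0.2.10'],
            'other.example.org' => ['198.51.100.7']);
my $stub = sub { @{ $dns{ $_[0] } || [] } };    # offline stand-in for DNS
my @referers = ('example.com', '192.0.2.10');

for my $ref ('http://www.example.com/form.html',
             'http://shop.example.net/contact.html',
             'http://other.example.org/form.html',
             'http://example.com@other.example.org/') {
    printf "%-42s secure=%d emulate=%d\n", $ref,
        check_referer($ref, \@referers, 1, $stub),
        check_referer($ref, \@referers, 0, $stub);
}
```

With the constructed data, the virtual host shop.example.net is accepted only in secure mode, because it shares the listed address 192.0.2.10 without being listed by name.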