In an effort to thwart spammers, I've replaced /cgi-bin/formmail.pl with a script containing the code below. (Yes, I'm running the latest version of NMS FormMail.pl under a different name)
In the past 18 hours I've gotten 273 spam attempts, the problem is that there are 211 unique REMOTE_ADDR Is the SPAM mob so widely distributed or is the REMOTE_ADDR spoofable? Since there are only 8 subjects for the SPAM, I'm guessing the former.
sub lDump_CGI_Info {
$file = shift;
if ( !open( FH, '>>', $file ) ) { print "couldn't open $file\n"; r
+eturn; }
my $cgi = new CGI;
my $key;
foreach $key ( sort keys %ENV ) {
my $spaces = ' ' x ( 30 - length($key) );
print FH "$key $spaces $ENV{$key}\n";
}
print FH "\n\n";
no strict;
$cgi->save(FH);
use strict;
}
__DATA__
CONTENT_LENGTH 1343
CONTENT_TYPE application/x-www-form-urlencoded
DOCUMENT_ROOT /home/sites/lctc/doc_root
GATEWAY_INTERFACE CGI/1.1
HTTP_ACCEPT */*
HTTP_CONNECTION Close
HTTP_HOST www.lctc.org
HTTP_PROXY_CONNECTION Close
HTTP_USER_AGENT Mozilla/4.0 (compatible; MSIE 6.0; Win
+dows 98; AIRF;
.NET CLR 1.0.3705)
HTTP_VIA WebSTAR Proxy (3.0b)
PATH /usr/local/bin:/usr/bin:/bin
QUERY_STRING
REMOTE_ADDR 216.20.52.200
REMOTE_PORT 52072
REQUEST_METHOD POST
REQUEST_URI /cgi-bin/FormMail.pl
SCRIPT_FILENAME /home/sites/lctc/cgi-bin/FormMail.pl
SCRIPT_NAME /cgi-bin/FormMail.pl
SERVER_ADDR 10.0.0.5
SERVER_ADMIN webmaster@lctc.org
SERVER_NAME www.lctc.org
SERVER_PORT 80
SERVER_PROTOCOL HTTP/1.0
SERVER_SOFTWARE Apache/1.3.26 (Unix) Debian GNU/Linux
+mod_perl/1.26 P
HP/4.1.2
TZ US/Eastern
UNIQUE_ID Paf5YQoAAAUAACurNxQ
email=jettaqp%40hindin.com
realname=jettaqp%40hindin.com
recipient=%3Cbrucevani%40ameritech.net%3Ewww.lctc.org%2C%3Cbrucew%40ho
+ngkong.com%3Eww
w.lctc.org%2C%3Cbrucewayne%40integraonline.com%3Ewww.lctc.org%2C%3Cbru
+cewerk%40hotmai
l.com%3Ewww.lctc.org%2C%3Cbrucewherlock61%40hotmail.com%3Ewww.lctc.org
+%2C%3Cbrucewhet
ton%40msn.com%3Ewww.lctc.org%2C%3Cbrucewhite%40msn.co%3Ewww.lctc.org%2
+C%3Cbrucewho%40
aol.com%3Ewww.lctc.org%2C%3Cbrucewicks%40roadrunner.nf.net%3Ewww.lctc.
+org%2C%3Cbrucew
ray%40home.com%3Ewww.lctc.org%2C%3Cbrucewynn%40hotmail.com%3Ewww.lctc.
+org%2C%3Cbrucey
.gib%40aol.com%3Ewww.lctc.org%2C
subject=HAHAHAH%20LOL%20%20%3A%29
p28=%0D%0A%0D%0AHey%20it%27s%20Amber%20from%20school.%0D%0AI%20am%20ju
+st%20E-Mailing%
20everyone%20I%20know%20to%20inform%20you%20about%20this%20SLUT%20kris
+tina%20from%20s
chool.%20%20She%20has%20a%20Webcam%20set-up%20for%20my%20Boyfriend%20M
+att%20and%20she
%20sits%20there%20Naked%20in%20her%20room%20for%20him%20all%20day.%20%
+20FUCK%20That%2
0Whore%21%20%20Im%20Telling%20Everyone%20about%20her%20Webcam%21%20%20
+Here%20is%20the
%20Address%3A%20http%3A%2F%2Fwww.terra.es%2Fpersonal9%2Flatinhoney%2F%
+20%20%20%20%3C%
2Fa%3E%20a%20href%3D%22http%3A%2F%2Fwww.terra.es%2Fpersonal9%2Flatinho
+ney%2F%22%3E%20
Click%20Here%21%20%3C%2Fa%3E%20%20%20%20%20%20Go%20See%20This%20SLut%2
+0for%20Yourself
%21%20%20%20Thanks%20for%20helping%20me%20embarass%20this%20HO%21%20%2
+0%3A%29%0D%0A%0
D%0A%3C3%20AmBeR%20%3C3%0A%0A%0A%0A%0A%0A%0A%0Abdd
=