Some wise thoughts mentioned in passing in this thread brought back a painful memory.
About 17 months ago. I got called in from vacation because the mail spool was filling up with bounced spam. In about an hour our 200MHZ box had gotten about 600 bounces of mis addressed spams.
Looking at the headers, it wasn't hard to narrow the problem down to a very early version of NMS FormMail.pl that I had installed. I guess my life is pretty good that this rates as one of its suckier moments.
I pulled the script. Then I upgraded to a later more secure version of NMS (checking the release notes!), I renamed the new script to SomethingElse.pl and pasted the following into FormMail.pl
#!/usr/local/bin/perl -w # dummy script to honeypot Spammers use strict; use CGI; my $foo=new CGI; print $foo->header(); print "\n"; my $file="../upload/crack/fake/$$"."_".time().".txt"; Dump_CGI_Info($file); sleep(5); # takes current form and environment values # and dumps htem to a file sub Dump_CGI_Info { $file = shift; if ( !open( FH, '>>', $file ) ) { print "couldn't open $file\n"; r +eturn; } my $cgi = new CGI; my $key; foreach $key ( sort keys %ENV ) { my $spaces = ' ' x ( 30 - length($key) ); print FH "$key $spaces $ENV{$key}\n"; } print FH "\n\n"; no strict; $cgi->save(FH); use strict; }
I get probed every couple weeks. I guess it isn't hard to google for "formmail.pl" and (sadly) I can imagine system administrators with even less clue than me and my crew. Some folks might not notice much more than a sudden and permanent increase in disc activity...
update: fixed typos
In reply to FormMail.pl trauma memories by mandog
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |