Just would like to find out if anybody else has had this happen before... I rec'd an email to one of my DH accounts today which read as follows:
In reply to:
Subject: Form submission
From: dfds@fdsf.fr
Date: Tue, June 3, 2003 12:57 pm
To: me@mydomain.net

What_you_think_about_me: sdfsdfsdf
Uploaded File: ./washere.txt

------ eviromental variables ------
REMOTE HOST:
BROWSER:
I use the PHP version of formmail which is available at http://www.dtheatre.com/scripts/formmail.php, and since this happened I've applied the version 4.2 patch Jack describes for preventing a 'spoofing' or 'spamming' problem the old script appeared to have.
The thing is, I don't think this spoofing problem is the problem; I don't have the formmail.php set up to send along the REMOTE HOST or BROWSER variables, nor do I have it set up to allow file submissions (OK, to my knowledge it's not set up to do that -- you can see the form(s) in question at http://www.gilkison.net/comments.html or http://genes.gilkison.net/comments.html). I've also searched everywhere in my file space for a "washere.txt" file, and I don't find any.
Is this just a script kiddie trying to impress me, or could I potentially have a hole still open in the formmail.php script? (BTW, the "To:" address was actually to a valid email address at my domain; I'd just prefer not to post it if not necessary.)