A while back I mentioned that I was getting spammed like crazy through a formmail.dreamhost.com form that I had set up on one of my sites.

Well, I took that form down months ago, and all this time I’ve still been getting spammed from the old form somehow. I finally decided to post in here and ask for help and insight.

The spam messages actually show the location of the script in the headers, like this:

Received: from [] by formmail.dreamhost.com (NMS FormMail 3.14c1) with HTTP; Fri, 27 Oct 2006 21:15:56 GMT (script-name /cgi-bin/formmail.cgi) (http-host formmail.dreamhost.com)

… and the X-Mailer header shows this: NMS FormMail 3.14c1

I’m not any kind of expert on this stuff. I have just enough understanding of it to know that there’s something weird about that script letting someone use it to spam me.

The spam messages themselves are contained entirely within the Subject header. The rest of the message is blank apart from what the script normally says about the message, you know, “below is the result of your feedback form,” and so on.

Does anyone have any ideas about what’s going on?

Was there some additional layer of security on my own form that I might not have implemented?

In the meantime I’m going to just put in a filter in my mailboxes area to weed these out, but for the future I’d like to know if I can use the formmail script at formmail.dreamhost.com without having to worry about spammers turning it against me.


You cannot turn a form off - once you publish the form page, anyone may make a copy and use it in the future. There are no methods implemented that allow one to limit when messages can be sent. Worse, you don’t even need to have published a form page in the first place. There is no opt-in for the formmail script.
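Since the shared script cannot be switched off per recipient, the mailbox filter mentioned in the question is the remaining control. The sketch below is an added example, not code from this thread or from DreamHost: it keys on the Received and X-Mailer headers quoted in the question and quarantines formmail messages whose body carries no form fields. The "name: value" body layout, the verdict names and the sample messages (including the documentation address 203.0.113.7) are assumptions made for the example.

```python
import re
from email import message_from_string

# Shape of the Received header quoted in the post. The bracketed client
# address is captured when present (it is empty in the post's sample).
FORMMAIL_RECEIVED = re.compile(
    r"from \[(?P<client>[^\]]*)\] by (?P<host>\S+) "
    r"\(NMS FormMail [^)]+\) with HTTP;.*\(script-name (?P<script>[^)]+)\)"
)
# Assumption: a genuine submission lists its fields as "name: value" lines.
FIELD_LINE = re.compile(r"^[\w-]+:\s*\S", re.MULTILINE)


def classify(raw, relay_host="formmail.dreamhost.com"):
    """Return verdict, submitting client and script path for one raw message."""
    msg = message_from_string(raw)
    hit = None
    for received in msg.get_all("Received", []):
        # Unfold continuation lines before matching.
        m = FORMMAIL_RECEIVED.search(" ".join(received.split()))
        if m and m.group("host").lower() == relay_host:
            hit = m
            break
    if hit is None or not msg.get("X-Mailer", "").startswith("NMS FormMail"):
        return {"verdict": "deliver", "client": None, "script": None}
    body = msg.get_payload()
    if not isinstance(body, str):  # multipart: no plain form output to inspect
        body = ""
    # Subject-only spam leaves the body with boilerplate but no field lines.
    verdict = "review" if FIELD_LINE.search(body) else "quarantine"
    return {"verdict": verdict, "client": hit.group("client") or None,
            "script": hit.group("script")}


# Constructed sample messages (not real mail).
HDRS = ("Received: from [{ip}] by formmail.dreamhost.com (NMS FormMail 3.14c1)\n"
        " with HTTP; Fri, 27 Oct 2006 21:15:56 GMT (script-name /cgi-bin/formmail.cgi)\n"
        " (http-host formmail.dreamhost.com)\n"
        "X-Mailer: NMS FormMail 3.14c1\n")
BOILERPLATE = "Below is the result of your feedback form.\n"
SPAM = HDRS.format(ip="203.0.113.7") + "Subject: constructed junk subject\n\n" + BOILERPLATE
GENUINE = HDRS.format(ip="") + "Subject: contact\n\n" + BOILERPLATE + "\nname: Alice\n"
OTHER = "Received: from mail.example.org by mx.example.net with ESMTP\nSubject: hi\n\nhello\n"

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("genuine", GENUINE), ("other", OTHER)):
        print(name, classify(raw))
```

When the Received header does carry a client address, the `client` value is what to include in an abuse report to the host running the script.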

