Just would like to find out if anybody else has had this happen before… I rec’d an email to one of my DH accounts today which read as follows:
I use the PHP version of formmail which is available at http://www.dtheatre.com/scripts/formmail.php, and since this happended I’ve applied the version 4.2 patch Jack describes for preventing a ‘spoofing’ or ‘spamming’ problem the old script appeared to have.
The thing is, I don’t think this spoofing problem is the problem; I don’t have the formmail.php setup to send along the REMOTE HOST or BROWSER variables, nor do I have it setup to allow file submissions (OK, to my knowledge it’s not setup to do that – you can see the form(s) in question at http://www.gilkison.net/comments.html or http://genes.gilkison.net/comments.html). I’ve also searched everywhere in my file space for a “washere.txt” file, and I don’t find any.
Is this just a script kiddie trying to impress me, or could I potentially have a hole still open in the formmail.php script? (BTW, the “To:” address was actually to a valid email address at my domain, I’d just prefer not to post it if not necessary)