HAS ANYONE EVER RECEIVED THIS EMAIL, OR IS THAT A VIRUS IN DISGUISE? SHOULD I FOLLOW THESE DIRECTIONS? CAN ANYONE ADVISE ME ABOUT THIS?
-----BEGIN PGP SIGNED MESSAGE-----
I have located a form to mail script written by Matt Wright (version
1.5, 1.6 or 1.7) on one of your sites. This script can be abused to
send large amounts of spam from our network. We’ve already made several
announcements about this vulnerability in the past.
Please upgrade or disable the script within 24 hours, as I will be going
through and disabling all of these scripts tomorrow. Renaming the
file(s) is not acceptable - you must either remove it, or make it
non-executable (chmod -x filename). If you’re not sure where the file(s)
in question are located, please type (from the command line):
find . -iname formmail* -ls (from your home directory).
- Upgrade the script before changing the permissions back, or
- Disable the script completely. This does not mean renaming it - you
must leave it non-executable and / or remove it completely. or
- Switch to our formmail script at http://formmail.dreamhost.com/
There’s a revision of version 1.9, which has been patched against
security holes at:
Alternatively, you might wish to use the script we’re using a modified
version of. It’s intended as a drop in replacement for the original
script, but is written better (and recommended by Matt Wright, author of
the most commonly used / abused formmail script. This can be found at:
Lastly, please note that this type of script is designed to send
information and not credit card information (or other sensitive data).
You should not use such a script to receive sensitive information via
unencrypted email, even if (especially if) the script is located on a
Please write firstname.lastname@example.org (along with your machine username) if you
don’t know where the problem scripts are located or if you have any additional
questions or concerns.
Dreamhost Abuse Team
email@example.com / http://www.dreamhost.com/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: public key: http://dreamhost.com/pgp/william.asc
-----END PGP SIGNATURE-----