HEEELP!!!
06-20-2006, 11:40 AM
Post: #1
Hi all,
I've been a DH customer for 6 years now, but never used the forum (duh)... anyway, hello all, and I need your help! I'm getting this message from a form on my client's website:

"Bad Referrer - Access Denied
The form attempting to use this script resides at http://www.aliconferences.com/register.htm, which is not allowed to access this program.
If you are attempting to configure FormMail to run with this form, you need to add the following to @referers, explained in detail in the README file.
Add 'www.aliconferences.com' to your @referers array."

Now, this form has worked and I have not changed anything. How do I fix it and anyone know how this could happen?

Thanks!
06-20-2006, 01:37 PM
Post: #2
FormMail got updated, I hope. FormMail has to be the most abused script on the Internet.

Sounds like now it's making sure you're coming from the correct website before submitting the form.

One of the issues with the FormMail script is that it's being abused (extensively) to send out spam. If you can use another form, please do. If your email isn't hard coded in the script, please do that asap.

When I see somebody running FormMail, I cringe... I hope you have it properly secured...

---
yerba# rm -rf /etc
yerba#
06-20-2006, 02:27 PM
Post: #3
Quote: Sounds like now it's making sure you're coming from the correct website before submitting the form.

We actually patched our form-mail implementation years ago for this very reason. As far as I know our script has not been abused/exploited in years.

- Jeff @ DreamHost
- DH Discussion Forum Admin
06-20-2006, 03:08 PM
Post: #4
Quote: We actually patched our form-mail implementation years ago for this very reason. As far as I know our script has not been abused/exploited in years.
You do know that the HTTP_REFERER is easily changeable, right? It's not a secure way to stop exploitation. ^_^

The only way to properly secure a form-mail script is to force the "To:" address into the script and remove any and all new lines from fields where you do not expect new lines (email address, subject... anything but the main body).

---
yerba# rm -rf /etc
yerba#
06-20-2006, 04:23 PM
Post: #5
So Jeff, how do I fix this problem? According to the error I get

( If you are attempting to configure FormMail to run with this form, you need to add the following to @referers, explained in detail in the README file.
Add 'www.aliconferences.com' to your @referers array. )

where do I find this README file, and where do I add the http://www.aliconferences.com to the @referers array?!?

Thanks!
06-21-2006, 04:54 PM
Post: #6
Is the domain in question actually being hosted by Dreamhost? A whois lookup says it's being hosted by SBC/Ameritech ( http://whois.domaintools.com/aliconferences.com ) I'd imagine this is why you're getting the error, because the script is doing its job and rejecting requests from domains not hosted by DH.

If the hosting was just transferred to DH, it's probably not going to work until the nameserver change propagates. If your client was supposed to make that change, you might want to check that they actually did it.
06-21-2006, 06:24 PM
Post: #7
No, it's not hosted by DreamHost. It is SBC. I just don't know why all of a sudden the script isn't working. I've got the form being submitted to an e-mail addy on my website, and it's forwarded to my client's e-mail. Up until yesterday, it was working fine!
I just don't understand how it all works, and I'm confused!
Thanks for the reply.
06-21-2006, 07:44 PM
Post: #8
It was changed to prevent exactly what you were doing:

Quote: <form action="http://formmail.dreamhost.com/cgi-bin/formmail.cgi" method="POST" name="registerconf" onSubmit="MM_validateForm('email','','R');return document.MM_returnValue">
<input type=hidden name="recipient" value="ali@sarasweeney.com">

You see, spammers use FormMail.cgi as a vessel for sending spam. See, what they do is create a script, on another site, pointing to "formmail.cgi" and they submit THOUSANDS of requests changing "recipient" for each one.

Tada! Virtually untraceable spam bot!

So, unless you have direct access to formmail.cgi don't expect it to work. ^_^

How to fix it: edit formmail.cgi, look for the variable @referers, and add your domain into that variable. Should look something like:
@referers = ('mydomain.com', 'anotherdomain.com');

That's the only way to fix this... (really... uh huh... hmm. Jeff, your folks really should put in a fool-proof fix. Wink )

---
yerba# rm -rf /etc
yerba#
06-21-2006, 07:46 PM
Post: #9
Quote: We actually patched our form-mail implementation years ago for this very reason. As far as I know our script has not been abused/exploited in years.
teehee ... If your script still accepts the "To:" address within a hidden field, I can assure you, it's still being exploited. ^_^

---
yerba# rm -rf /etc
yerba#
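The two fixes this poster has been pushing (post #4: hard-code the "To:" address and strip new lines from single-line fields; this post: a hidden "recipient" field means the script is still an open spam relay) and the @referers check from post #8, written out as an added example. This is not DreamHost's or FormMail's Perl script and not the poster's code; it is a minimal Python form-to-mail handler I wrote to show the checks. The configuration values (FIXED_RECIPIENT, SENDER, ALLOWED_REFERERS), the function names and the sample submissions are all assumptions of the example.

```python
"""Added example: a minimal form-to-mail handler hardened along the lines the
thread recommends (example code, not DreamHost's or FormMail's own script).

Assumptions (not from the original page): the handler receives the submitted
fields as a plain dict, the fixed recipient comes from server-side config,
and the outgoing message is built with the standard library's email package.
"""
import re
from email.message import EmailMessage
from urllib.parse import urlparse

# Server-side configuration (hypothetical values). The recipient lives here and
# is never read from the form, which is what closes the open-relay behaviour.
FIXED_RECIPIENT = "owner@example.invalid"
SENDER = "formmail@example.invalid"
ALLOWED_REFERERS = {"www.example.invalid", "example.invalid"}

# Fields that must stay on one line: anything that ends up in a mail header.
SINGLE_LINE_FIELDS = ("email", "realname", "subject")
_CRLF = re.compile(r"[\r\n]")
_EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def referer_allowed(referer, allowed=ALLOWED_REFERERS):
    """Mirror FormMail's @referers check. The Referer header is client-supplied
    and easily forged (post #4), so treat this as a convenience filter that
    keeps honest mistakes out, not as a security boundary."""
    if not referer:
        return False
    host = urlparse(referer).hostname
    return host is not None and host.lower() in allowed


def naive_headers(fields):
    """The weak pattern the thread warns about: trust a hidden 'recipient'
    field and splice raw fields into header text. A line break inside
    'subject' becomes a second, attacker-chosen header line."""
    return (f"To: {fields.get('recipient', '')}\r\n"
            f"Subject: {fields.get('subject', '')}\r\n")


def build_message(fields):
    """Hardened version: fixed To:, single-line header fields validated,
    free-text body kept out of the headers.

    Returns (EmailMessage, None) on success or (None, reason) on rejection."""
    for name in SINGLE_LINE_FIELDS:
        if _CRLF.search(fields.get(name, "")):
            return None, f"field {name!r} must not contain line breaks"
    email = fields.get("email", "").strip()
    if email and not _EMAIL.match(email):
        return None, "invalid email address"

    msg = EmailMessage()
    msg["To"] = FIXED_RECIPIENT          # any submitted 'recipient' is ignored
    msg["From"] = SENDER
    if email:
        msg["Reply-To"] = email          # the visitor's address goes here, not in From:
    msg["Subject"] = fields.get("subject", "Form submission")[:200]
    # Every field goes into the body as text, where line breaks are harmless.
    body_lines = [f"{k}: {v}" for k, v in sorted(fields.items()) if k != "recipient"]
    msg.set_content("\n".join(body_lines))
    return msg, None


if __name__ == "__main__":
    # Constructed sample submissions.
    good = {"email": "visitor@example.invalid", "subject": "Registration",
            "recipient": "someone-else@example.invalid", "comments": "line 1\nline 2"}
    bad = {"subject": "Registration\r\nBcc: extra@example.invalid"}
    msg, err = build_message(good)
    print("accepted, To:", msg["To"]) if err is None else print("rejected:", err)
    msg, err = build_message(bad)
    print("accepted" if err is None else "rejected: " + err)
```

The point of the example is the ordering: the recipient is decided by configuration before any user input is looked at, header fields are rejected (not silently "cleaned") when they contain CR or LF, and the referer check, which FormMail's error message in post #1 is about, is kept only as a first filter because anyone submitting directly to the CGI can send whatever Referer header they like.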
07-09-2006, 02:01 AM
Post: #10
I recently added a subdomain (about a day ago) that has FormMail forms on it. Unfortunately, I'm still getting this error when I submit a form from it. Also, submitting forms from sites like Facebook and MySpace used to work using the "<form action="http://formmail.dreamhost.com/cgi-bin/formmail.cgi" method="POST">" line, but now it doesn't.

I don't think us mortal users have access to "formmail.cgi", so how do we go about fixing this error?