dnsbl.net.au - Helping you block invalid E-mail
This list consists of collections of domain-named hosts and IP address networks that are being abused by spammers because the servers run insecure feedback form scripts.
Generally, the most often abused software seems to be the FormMail.pl script.
This script seems to be immensely popular, and is found everywhere.
It is available here with new, updated versions, which close SOME OF THE SECURITY PROBLEMS, but not all. See below.
To quote Matt ...
Security Update -- Version 1.9 -- August 3, 2001

Any users who are using the popular version 1.6 or the recently released version 1.7/1.8, should upgrade immediately. The new version prevents unwanted anonymous spamming through your implementation of FormMail and also prevents unwanted access to environment variables. If you are having problems receiving e-mail and using the redirect variable, version 1.9 should cure that as well. The new script has two extra arrays you must now define, but will not affect current forms or the way they appear after having been submitted. UPGRADE IMMEDIATELY!
Date: Wed, 23 Jan 2002 20:22:27 -0800
Sender: Spam Prevention Discussion List
From: "Ronald F. Guilmette"
Subject: MISC,BLOCK: Anonymous Mail Forwarding Vulnerabilities in FormMail 1.9

A PostScript version of my security advisory for FormMail 1.9 may be viewed at: http://www.monkeys.com/anti-spam/formmail-advisory.ps (formmail-advisory.ps, formmail-advisory.pdf)

(I would post the whole thing here, but it's too big.)

SUMMARY: FormMail 1.9 is the functional equivalent of an anonymizing open mail relay.

An entertaining working demonstration of a 100% client-side Javascript exploit for older and already well-known FormMail 1.6 version security flaws may be found at: http://www.monkeys.com/formmailer/

Use this at your own risk! And read the documentation before doing so! (If you get busted using it, that's 100% YOUR PROBLEM.)

A revised version of FormMail 1.9 (which I am calling 1.9s) which is believed to be free of any and all of the security flaws described in the advisory below is now available at: ftp://ftp.monkeys.com/pub/formmail/1.9s/

This version is only being supplied for the benefit of those few sites that are, due to a total lack of programming talent, absolutely and totally unable to simply remove FormMail and replace it with their own locally-implemented replacement script.

WARNING: This alternative version of FormMail HAS NOT BEEN CODE REVIEWED AND HAS NOT EVEN BEEN TESTED. There is NO WARRANTY, either express or implied. I have been totally unable to even get into contact with the original FormMail author, so you may be sure that he has not even seen this (1.9s) version of his script.

My apologies for the length of the advisory, but there was a lot of stuff to talk about. I hope that this will help future implementors of "contact us" type CGI scripts to avoid a lot of pitfalls.

Regards,
rfg
These servers usually come to our attention when spam relayed through them is sent to our spamtrap addresses and then detected by our SpamAssassin anti-spam software.
Such spam is easy to spot because the message body starts with the sentence

Below is the result of your feedback form. It was submitted by

and the rest of the message is normally plainly, and clearly, spam.
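As an added example (not dnsbl.net.au's own tooling), the following Python check applies the same tell-tale described above: it flags a message whose body opens with the FormMail sentence and pulls the relay host out of the topmost Received header, which for FormMail abuse is the web server running the script. The sample message, its hosts and its addresses are all constructed placeholders.

```python
import re
from email import message_from_string

# Opening sentence FormMail.pl writes into every message it relays; the page
# identifies it as the tell-tale sign of an abused feedback form.
FORMMAIL_MARKER = re.compile(
    r"^Below is the result of your feedback form\.\s+It was submitted by",
    re.MULTILINE,
)
# FormMail echoes the submitter's "email" field in parentheses after the marker.
SUBMITTER = re.compile(r"\(([^\s()@]+@[^\s()]+)\)")
# "from <helo> (<rdns> [<ip>])" in the topmost Received header: the host that
# handed the message to the spamtrap, i.e. the abused web server itself.
RECEIVED_FROM = re.compile(r"^from\s+(\S+)\s*(?:\(([^)]*)\))?", re.IGNORECASE)
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def formmail_abuse_report(raw: str):
    """Return {'relay': host-or-ip, 'submitter': addr-or-None} when the raw
    message carries the FormMail marker, or None for anything else."""
    msg = message_from_string(raw)
    text = "\n".join(part.get_payload() for part in msg.walk()
                     if part.get_content_type() == "text/plain")
    marker = FORMMAIL_MARKER.search(text)
    if marker is None:
        return None
    submitter = SUBMITTER.search(text, marker.end())
    relay = None
    received = msg.get_all("Received") or []
    hop = RECEIVED_FROM.match(received[0].strip()) if received else None
    if hop:
        relay = hop.group(1)
        ip = IPV4.search(hop.group(2) or "")
        if ip:
            relay = ip.group(1)  # prefer the literal IP over the HELO name
    return {"relay": relay, "submitter": submitter.group(1) if submitter else None}

# Constructed sample of a FormMail-relayed spam as it would land in a spamtrap;
# hosts are RFC 5737 / example.* placeholders, not real ones.
SAMPLE_SPAM = """\
Received: from www.example.net (www.example.net [192.0.2.10])
  by mx.spamtrap.example with ESMTP id constructed001; Wed, 23 Jan 2002 20:22:27 -0800
From: nobody@www.example.net
Subject: WWW Form Submission

Below is the result of your feedback form.  It was submitted by
 (spammer@example.com) on Wednesday, January 23, 2002 at 20:22:27
---------------------------------------------------------------------------

realname: Cheap offer inside
"""
```

The relay value is the candidate for listing; the submitter address is usually forged and is only kept for the report.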