Resources For MultiMedia Technologies

For MultiMedia Technologies


Spammers Hackers Abuse Your

Are Spammers and Hackers Abusing Your Perl Script
Eating your bandwidth and worse, bringing your site down and exploiting your good name?
Have you recently received spam which appears to have been sent by an innocent third party's computer, and in which the spammer's message is surrounded by lines of hyphens and/or says that it's the content of a "feedback form?" If so, the spam probably came from a spammer-turned-hacker who exploited a bug in a CGI script called FormMail.

For years, a programmer named Matt Wright has generously shared his CGI scripts--small programs that cause a Web page to respond to a user's input. One of his most popular creations is a Perl script called, which allows surfers to send e-mail to the operator of a Web site via an Internet form.

Unfortunately, early versions of are not secure. If they are sent an altered form instead of the one posted on the Web site, they cause the Web server on which they run to send mail not just to the owner of the site but to any number of other addresses. Spammers have discovered this flaw and have created automatic tools that scan Web servers for the vulnerable script. If a flawed version of FormMail is found, the spammer's computer uses it to distribute spam far and wide.

If you're a Webmaster, you can recognize when spammers are probing your system for the vulnerability by looking for log entries containing the strings "" or "formmail.cgi". If your system is using one of the old, insecure versions of the script, and you see requests whose URLs contain foreign addresses (e.g. "&"), you can be sure that your server is being exploited to send spam. To close the hole, upgrade to the latest version of the FormMail script.