Posted by PeterMcC on 07/06/06 10:12

Paul H wrote in
<3o2dnRptQ4K2QTHZRVny2w@eclipse.net.uk>

> "PeterMcC" <peter@mccourt.org.uk> wrote in message
> news:44acce63$0$984$ed2619ec@ptn-nntp-reader01.plus.net...
>> Paul H wrote in
>> <H_idnRhMgdi3WTHZnZ2dnUVZ8qednZ2d@eclipse.net.uk>
>>
>>> I am using the latest version of FormMail.pl on a standard web form.
>>> I am getting dozen of emails a day that have been send via the
>>> webform, probably using a bot (so I am told).
>>>
>>> How can I stop this?
>>
>> If it's the FormMail.pl available from
>> http://nms-cgi.sourceforge.net/ , I've a number of sites using it
>> and never had a problem - though I may be lucky.
>>
>> Have you got all the correct security settings in the script?
>>
>> It may be worth a review of the README.txt file.
>
>
> My hosting company have said this is nothing to do with the
> FormMail.pl (they have recently checked and replaced it) and have
> suggested that someone is using a bot that automiatically runs the
> HTML code of my web form.

It may be a just question of terminology but there isn't any code to run in
your HTML - if that's what your hosting company is saying, then someone's a
bit confused. The code's in the FormMail Perl script.

> Are you saying that if my FormMail.pl file
> was secure in the first place, the whole bot thing would not be
> possible?

just so I get it right - you're getting spam emails, sent to you, using the
form that's generated by FormMail on your web site?

That's not the usual problem associated with FormMail- Matt's script, once
widely used, was vulnerable to being used for spammers to send out spam via
someone else's FormMail.

--
PeterMcC
If you feel that any of the above is incorrect,
inappropriate or offensive in any way,
please ignore it and accept my apologies.

[Back to original message]