On 3/18/06, Knute Johnson <knute@xxxxxxxxxxx> wrote: > I need some help finding the correct place to go to get specific > help. We have a script that uses sendmail to send form data to the > site owner. Last night somebody managed to use it to send thousands > of spam emails. I need to find the right place to ask about the > script to determine exactly how the attack was accomplished so we can > fix the script. Any direction would be greatly appreciated. It's a common problem with badly written formmail programs. The rule of thumb should be that you only send fixed text to email addresses that come from form input and only send form input data to fixed email addresses. See http://nms-cgi.sf.net/ for a formmail that is more secure than most. Dave...
