
FormMail Exploitation by Spammers

Spammers are increasingly taking advantage of holes in FormMail scripts. The basic idea is that they look for formmail.pl scripts and add some additional code to them. The resulting email is then sent out to potentially thousands of people.

FormMail is a script written in Perl that creates web forms designed to collect information entered by a user and send that data to an email address. Many web sites use this popular script because it provides a good way to gather orders and information. There are security measures that can be taken to stop spam email from being attached to it.

Check your error logs to see if a spammer has been looking for your FormMail. What to look for is a line that ends with "script not found or unable to stat:" and the path of the requested FormMail.pl.

Hosting providers should be able to quickly identify potential threats by searching their logs for strings containing the words "formmail.pl" or "formmail.cgi". The best way to combat this ongoing problem is to ensure the latest upgrades are in place for your FormMail scripts.
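
The two log checks described above (the "script not found or unable to stat:" error and the "formmail.pl" / "formmail.cgi" strings) can be combined into one scan that groups probes by client. This is an added example, not part of the original article: the Apache-style error log layout, the constructed sample lines, and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed Apache-style error log layout.
SAMPLE_LOG = """\
[Mon Mar 04 10:15:01 2002] [error] [client 192.0.2.10] script not found or unable to stat: /var/www/cgi-bin/FormMail.pl
[Mon Mar 04 10:15:02 2002] [error] [client 192.0.2.10] script not found or unable to stat: /var/www/cgi-bin/formmail.cgi
[Mon Mar 04 10:15:09 2002] [error] [client 198.51.100.7] File does not exist: /var/www/html/favicon.ico
[Mon Mar 04 10:16:40 2002] [error] [client 203.0.113.5:51844] script not found or unable to stat: /var/www/cgi-bin/formmail.pl
[Mon Mar 04 10:17:12 2002] [error] [client 198.51.100.7] script not found or unable to stat: /var/www/cgi-bin/guestbook.pl
"""

# The strings the article says to search for, matched case-insensitively
# because requests arrive as FormMail.pl, formmail.pl, formmail.cgi, etc.
SCRIPT_RE = re.compile(r"formmail\.(?:pl|cgi)\b", re.IGNORECASE)
NOT_FOUND = "script not found or unable to stat:"
CLIENT_RE = re.compile(r"\[client ([^\]\s]+)\]")


def find_formmail_probes(lines):
    """Return (client, path) for each failed request that names a FormMail script."""
    hits = []
    for line in lines:
        if NOT_FOUND not in line:
            continue
        path = line.split(NOT_FOUND, 1)[1].strip()
        if not SCRIPT_RE.search(path):
            continue  # some other missing script, not a FormMail probe
        match = CLIENT_RE.search(line)
        client = match.group(1) if match else "unknown"
        if client.count(":") == 1:  # IPv4 "address:port" form, drop the port
            client = client.rsplit(":", 1)[0]
        hits.append((client, path))
    return hits


def probes_per_client(lines):
    """Count FormMail probes per client address."""
    return Counter(client for client, _ in find_formmail_probes(lines))


if __name__ == "__main__":
    for client, count in probes_per_client(SAMPLE_LOG.splitlines()).most_common():
        print(f"{client}\t{count} probe(s)")
```

A client that requests several FormMail names which do not exist on the server is scanning for the script rather than using a form, which makes the per-client count a useful starting point for review.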