Home | All Questions | alt.html FAQ > Common Gateway Interface (CGI)

Is my formmail secure?

If you are using Matt's formmail script, the chances are that are vulnerable by spammers using your webserver as an open relay. The problem is that the scripts in Matt's Script Archive aren't very good. The scripts are well known amongst the Perl community to be badly written, buggy and insecure. Anyone asking for support on Matt's scripts in any forum will be told in no uncertain terms that they shouldn't use his scripts. The additional spammer element to this equation makes replacing Matt's formmail script imperative.

Matt's Script Archive has been on the web since 1995. It is a repository of CGI scripts written in Perl by a programmer called Matt Wright. He wrote these as a way of learning Perl, and for such reasons, the scripts weren't designed with security and safety in mind. Matt's Script Archive is probably the most popular repository of CGI scripts currently available on the internet.

Matt has recently edited his website to recommend that others looking for a formmail script use the NMS scripts instead, so he is fully aware of the dangers of using his formmail script.

The vulnerabilities

The formmail vulnerability allows spammers to send anonymous email to anyone on their mailing list. Because the email was created using the formmail's configured sendmail, the email originates from the webserver. So the spammer is effectively annonymous, and difficult to stop. So by providing the spammers these anonymous open-relays, you are the victim, as well as a participant in a spam run. So it is in the website owner's benefit to plug these security holes.

Still not convinced that your formmail script is vulnerable? Why not use a formmail tester script to find out? This script was written by Ronald F. Guilmette (the guy behind monkeys.com).

Please pay particular note to the copyright terms and conditions. Commercial use of this script is expressly prohibited. Any person caught using this script, or any part thereof, to either find or exploit FormMail script for commercial spamming purposes will be held legally responsible for copyright violation.

The alternatives

One script change that can make Matt's formmail safer is to hard-code the delivery email address into the script itself, rather than a hidden form field. A safer alternative is to remove Matt's version of the script entirely and use something a more security conscious.

NMS is a set of CGI scripts that are intended as drop-in replacments for the scripts at Matt's Script Archive. They require the same set-up as Matt's originals, but are designed to be secure.

Monkeys.com offers a more secure alternative version of formmail

Recommended Resources

Discussion

Related Questions