trog
Posts: 8851
Location: Brisbane, Queensland

This is a VERY important notice for all AusGamers hosted sites. We have had problems recently with hosted sites running insecure mail scripts, such as FormMail.pl. Spammers have been using these scripts to send out a lot of mail, which obviously gets us in trouble with all the anti-spamming fanatics.
This is a one-and-only warning for hosted sites running any mail scripts - make sure they are secure! Anyone found running FormMail or another untrusted, dodgy mail script will have their site closed down immediately. If you are not sure whether your mail script is secure, take it down immediately and ask for some advice.

#0 12:36am 04/10/02

Hyde
Posts: 4
Location: Brisbane, Queensland

I need help. Apparently my email on the website has been used by spammers for the last two days. Is there a way of stopping it? I previously thought it was something to do with my ISP, but after reading your message, I think it is from the website I have hosted on AusGamers.

#1 11:33pm 04/10/02

Advagadza
Posts: 17
Location: Queensland

Don't mean to sound stupid or anything, but is putting some text on the site and then linking it to an email address a script?
For example:
email me HERE
and "HERE" is linked to an address.
Is that a script?

#2 03:57pm 05/10/02

cyph
Posts: 2349
Location: Brisbane, Queensland

No, it's not a script. It's a simple HTML tag that does that.
What scripts like formmail.pl do is process information from a form (let's say a CS clan's website using it to do registration forms) and email that information to someone.

#3 05:31pm 05/10/02

Neo
Posts: 10
Location: Western Australia

So how do spammers use the forms to spam emails then? Keep refreshing the page once it has been submitted?
Even if that was the case, the email is on the form. And if you used a Hotmail account (for example) as the email address, does it still point back to AusGamers, since AusGamers executed the sent mail?

#4 02:25pm 06/10/02

ChewyChewbopin'
Posts: 216
Location: Melbourne, Victoria

They can send the emails directly to the script without the form,
probably using some sort of hammering program.

#5 08:52pm 06/10/02

ChewyChewbopin'
Posts: 217
Location: Melbourne, Victoria

Just checked my site, no email scripts found.

#6 08:55pm 06/10/02

Neo
Posts: 16
Location: Western Australia

But if you have a "Matt's Scripts" FormMail.cgi (or .pl) mailer script (the latest version), then they can't, because in order to use it, the website must be hosted on the same domain as the script is hosted on.
i.e.
"www.tribesclans.com/visualhq/FormMail.cgi" can only work for the "www.tribesclans.com" domain.
If someone from www.ausgamers.com wanted to use the script, it will come up with an error saying that www.ausgamers.com isn't mentioned in the "referers".

#7 11:20pm 06/10/02

PantherStyle
Posts: 31
Location: Melbourne, Victoria

Would this be considered an insecure mail script?
xxxxxx.php
---------
<?php
$to = "abc@def.com";                // recipient is fixed in the script
$subject = "subject line";
$message = "variables from form";   // built from the submitted form fields
$mailed = mail( $to, $subject, $message );
if ($mailed) {
    print "yadda yadda yadda";
}
?>
---------
And if so, could anyone please direct me to somewhere I can find a secure mail script?
Thanks

#8 03:52pm 07/10/02

nudge
Posts: 310
Location: Melbourne, Victoria

If any user can access the page and the user is allowed to dictate the value of $to, then yes, it would be insecure.

#9 05:31pm 07/10/02

PantherStyle
Posts: 32
Location: Melbourne, Victoria

form method = "post"
not "get", so it doesn't grab values from the URL; so would that be considered secure then?

#10 05:48pm 07/10/02

Jim
Posts: 1656
Location: Brisbane, Queensland

http_referer can be made to say anything the client wants - you can't rely on it. Don't use mail forms that send to user-supplied email addresses.

#11 10:07am 09/10/02
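
The two points made above (nudge: the script is insecure if the visitor can dictate $to; Jim: the referer check is no protection) can be shown in one form handler. The script below is an added example written for this thread, not code from any poster, from AusGamers or from FormMail. It assumes the HTML form posts the fields name, email, subject and message, and the addresses in it are placeholders. The recipient is a constant in the script, any recipient-like field the client sends is refused outright, HTTP_REFERER is never consulted, and header fields are rejected if they contain line breaks, so a submission cannot add headers of its own.

```php
<?php
// Added example (not from the thread): a contact-form mailer that never lets
// the client choose the recipient and does not look at HTTP_REFERER at all.
// Assumed form fields: name, email, subject, message. Addresses are placeholders.

// The only address mail ever goes to. Fixed here, never read from the request.
const FORM_RECIPIENT = 'webmaster@example.com';

// Reject any header value containing CR or LF so a submitted field cannot
// smuggle extra mail headers (e.g. a second recipient) into the message.
function cleanHeaderValue(string $value): string
{
    if (preg_match('/[\r\n]/', $value)) {
        throw new InvalidArgumentException('newline in header field');
    }
    return trim($value);
}

// Build the mail envelope from the submitted fields.
// Returns ['to', 'subject', 'message', 'headers'] or throws on bad input.
function buildMail(array $post): array
{
    // Refuse the submission if the client tries to pick a recipient; this is
    // the mistake the FormMail-style scripts made.
    foreach (['recipient', 'to', 'cc', 'bcc'] as $forbidden) {
        if (isset($post[$forbidden])) {
            throw new InvalidArgumentException("client-supplied '$forbidden' field refused");
        }
    }

    $name  = cleanHeaderValue($post['name'] ?? '');
    $email = cleanHeaderValue($post['email'] ?? '');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid sender email');
    }
    $subject = cleanHeaderValue($post['subject'] ?? 'Website form');

    // Free text goes in the body only, and is capped so the handler is not
    // useful for relaying bulk content.
    $message = substr((string) ($post['message'] ?? ''), 0, 4000);

    return [
        'to'      => FORM_RECIPIENT,
        'subject' => '[Site form] ' . $subject,
        'message' => "From: $name <$email>\n\n" . $message,
        // Envelope sender stays a fixed local address; the visitor's address
        // only ever appears in Reply-To.
        'headers' => "From: form@example.com\r\nReply-To: $email",
    ];
}

if (PHP_SAPI !== 'cli') {
    // Served as the form handler: accept POST only, never echo the input back.
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit;
    }
    try {
        $m    = buildMail($_POST);
        $sent = mail($m['to'], $m['subject'], $m['message'], $m['headers']);
        echo $sent ? 'Thanks, your message was sent.' : 'Mail could not be sent.';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo 'Rejected form submission.';
    }
} else {
    // Command-line dry run on constructed sample input (no mail is sent).
    $good = ['name' => 'Jane', 'email' => 'jane@example.org',
             'subject' => 'Hi', 'message' => 'hello'];
    $bad  = $good + ['recipient' => 'someone-else@example.net'];
    print_r(buildMail($good));
    try {
        buildMail($bad);
    } catch (InvalidArgumentException $e) {
        echo "refused: ", $e->getMessage(), "\n";
    }
}
```

Run it from the command line (php handler.php) to see the good submission produce an envelope addressed to FORM_RECIPIENT and the one carrying a recipient field get refused. Because the destination is a constant and nothing from the request or from HTTP_REFERER can change it, sending requests straight to the script without the form (as ChewyChewbopin' describes) only ever mails the site owner, which is the property the original notice asks for.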

trog
Posts: 8972
Location: Brisbane, Queensland

Also, don't use any of "Matt's Scripts" at all. Use of FormMail, even the latest version, is blocked by default and attempts to circumvent it will NOT be appreciated.

#12 11:12am 09/10/02