<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Apparently I was wrong about "a vulnerability is being exploited on the
top-level script." Criss, who helped me upgrade to the latest version
of PmWiki, tells me:<br>
<blockquote><font size="-1">The way
the mailform works, people *can't* get your email address.&nbsp; Your email
address is in the config file, not anywhere a spammer could get to it. </font><br>
</blockquote>
But after the upgrade, I'm still getting about 15 spams each day.
Here's an example:<br>
<blockquote>
  <pre wrap=""><font size="-1"> &lt;a href=<a
 class="moz-txt-link-rfc2396E"
 href="http://www.spazioforum.it/forums/cayman.html">"http://www.spazioforum.it/forums/cayman.html"</a>&gt;viagra online&lt;/a&gt; [url=<a
 class="moz-txt-link-freetext"
 href="http://www.spazioforum.it/forums/cayman.html">http://www.spazioforum.it/forums/cayman.html</a>]viagra online[/url] &lt;a href=<a
 class="moz-txt-link-rfc2396E"
 href="http://www.spazioforum.it/forums/gtcup.html">"http://www.spazioforum.it/forums/gtcup.html"</a>&gt;buy levitra&lt;/a&gt; [url=<a
 class="moz-txt-link-freetext"
 href="http://www.spazioforum.it/forums/gtcup.html">http://www.spazioforum.it/forums/gtcup.html</a>]buy levitra[/url] &lt;a href=<a
 class="moz-txt-link-rfc2396E"
 href="http://www.spazioforum.it/forums/carrera.html">"http://www.spazioforum.it/forums/carrera.html"</a>&gt;viagra cheap&lt;/a&gt; [url=<a
 class="moz-txt-link-freetext"
 href="http://www.spazioforum.it/forums/carrera.html">http://www.spazioforum.it/forums/carrera.html</a>]viagra cheap[/url] &lt;a href=<a
 class="moz-txt-link-rfc2396E"
 href="http://www.spazioforum.it/forums/cayenne.html">"http://www.spazioforum.it/forums/cayenne.html"</a>&gt;buy generic viagra&lt;/a&gt; [url=<a
 class="moz-txt-link-freetext"
 href="http://www.spazioforum.it/forums/cayenne.html">http://www.spazioforum.it/forums/cayenne.html</a>]buy generic viagra[/url] &lt;a href=<a
 class="moz-txt-link-rfc2396E"
 href="http://www.spazioforum.it/forums/boxster.html">"http://www.spazioforum.it/forums/boxster.html"</a>&gt;generic cialis&lt;/a&gt; [url=<a
 class="moz-txt-link-freetext"
 href="http://www.spazioforum.it/forums/boxster.html">http://www.spazioforum.it/forums/boxster.html</a>]generic cialis[/url]  cnk7inl180cn9n9 
-------------------------------------------<i><b>
</b><font color="#ff0000"><b>This message was sent by the PmWiki MailForm at Comment.Home</b></font></i></font></pre>
</blockquote>
But <a class="moz-txt-link-freetext"
 href="http://progressiveresourcecatalog.org/index.php/Comment.MailformWh">http://progressiveresourcecatalog.org/index.php/Comment.MailformWh</a>
no longer exists. I deleted it and substituted "To contact the
Progressive Resource Catalog, send email to Wade Hudson, whudson AT igc
DOT org." (See
<a class="moz-txt-link-freetext"
 href="http://progressiveresourcecatalog.org/index.php/Comment.Home">http://progressiveresourcecatalog.org/index.php/Comment.Home</a>).
How can I be getting spam from a mailform that is no longer on my site?<br>
<br>
Using Thunderbird, I filter that spam into my Junk mail folder and
periodically delete it. So it's no real problem for me, and my web
host no longer seems worried about a more serious vulnerability.<br>
<br>
But this spam remains a curiosity that may be of interest to others and
may be a problem that we can solve somehow. Could the spammers have
captured what they need to use the mail form even though that page is
no longer on the site?<br>
<br>
Should I update my comments.php or my mailform recipe (they're both
old)?<br>
<br>
Thanks,<br>
Wade<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:christian.ridderstrom@gmail.com">christian.ridderstrom@gmail.com</a> wrote:
<blockquote
 cite="midPine.LNX.4.64.0612231253060.13698@black01.md.kth.se"
 type="cite">On Thu, 21 Dec 2006, Wade Hudson wrote:
  <br>
  <br>
  <blockquote type="cite">Dear pmwiki users:
    <br>
    <br>
On my site, a vulnerability is being exploited on the top-level script.
About ten times a day, I receive spam that includes a number as the
username and then has "@users.hostname.net" as the domain name.
    <br>
  </blockquote>
  <br>
I'm not too clear on the details here. Are you saying that pmwiki.php is
being used to send spam?
  <br>
  <br>
/Christian
  <br>
  <br>
  <pre wrap="">
<hr size="4" width="90%">
_______________________________________________
pmwiki-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:pmwiki-users@pmichaud.com">pmwiki-users@pmichaud.com</a>
<a class="moz-txt-link-freetext" href="http://www.pmichaud.com/mailman/listinfo/pmwiki-users">http://www.pmichaud.com/mailman/listinfo/pmwiki-users</a>
  </pre>
</blockquote>
</body>
</html>