<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">

</head>

<body bgcolor="#ffffff" text="#000000">

Apparently I was wrong about "a vulernability is being exploited on the

top-level script." Criss, who helped me upgrade to the latest version

of PmWiki, tells me:<br>

<blockquote><font size="-1">The way

the mailform works, people *can't* get your email address.&nbsp; Your email

address is in the config file, not anywhere a spammer could get to it. </font><br>

</blockquote>

But after the upgrade, I'm still getting about 15 spams each day.

Here's an example:<br>

<blockquote>

  <pre wrap=""><font size="-1"> &lt;a href=<a

 class="moz-txt-link-rfc2396E"

 href="http://www.spazioforum.it/forums/cayman.html">"http://www.spazioforum.it/forums/cayman.html"</a>&gt;viagra online&lt;/a&gt; [url=<a

 class="moz-txt-link-freetext"

 href="http://www.spazioforum.it/forums/cayman.html">http://www.spazioforum.it/forums/cayman.html</a>]viagra online[/url] &lt;a href=<a

 class="moz-txt-link-rfc2396E"

 href="http://www.spazioforum.it/forums/gtcup.html">"http://www.spazioforum.it/forums/gtcup.html"</a>&gt;buy levitra&lt;/a&gt; [url=<a

 class="moz-txt-link-freetext"

 href="http://www.spazioforum.it/forums/gtcup.html">http://www.spazioforum.it/forums/gtcup.html</a>]buy levitra[/url] &lt;a href=<a

 class="moz-txt-link-rfc2396E"

 href="http://www.spazioforum.it/forums/carrera.html">"http://www.spazioforum.it/forums/carrera.html"</a>&gt;viagra cheap&lt;/a&gt; [url=<a

 class="moz-txt-link-freetext"

 href="http://www.spazioforum.it/forums/carrera.html">http://www.spazioforum.it/forums/carrera.html</a>]viagra cheap[/url] &lt;a href=<a

 class="moz-txt-link-rfc2396E"

 href="http://www.spazioforum.it/forums/cayenne.html">"http://www.spazioforum.it/forums/cayenne.html"</a>&gt;buy generic viagra&lt;/a&gt; [url=<a

 class="moz-txt-link-freetext"

 href="http://www.spazioforum.it/forums/cayenne.html">http://www.spazioforum.it/forums/cayenne.html</a>]buy generic viagra[/url] &lt;a href=<a

 class="moz-txt-link-rfc2396E"

 href="http://www.spazioforum.it/forums/boxster.html">"http://www.spazioforum.it/forums/boxster.html"</a>&gt;generic cialis&lt;/a&gt; [url=<a

 class="moz-txt-link-freetext"

 href="http://www.spazioforum.it/forums/boxster.html">http://www.spazioforum.it/forums/boxster.html</a>]generic cialis[/url]  cnk7inl180cn9n9 

-------------------------------------------<i><b>

</b><font color="#ff0000"><b>This message was sent by the PmWiki MailForm at Comment.Home</b></font></i></font></pre>

</blockquote>

But <a class="moz-txt-link-freetext"

 href="http://progressiveresourcecatalog.org/index.php/Comment.MailformWh">http://progressiveresourcecatalog.org/index.php/Comment.MailformWh</a>

no longer exists. I deleted it and substituted "To contact the

Progressive Resource Catalog, send email to Wade Hudson, whudson AT igc

DOT org." (See

<a class="moz-txt-link-freetext"

 href="http://progressiveresourcecatalog.org/index.php/Comment.Home">http://progressiveresourcecatalog.org/index.php/Comment.Home</a>).

How can I be getting spam from a mailform that is no longer on my site?<br>

<br>

Using Thunderbird, I filter that spam into my Junk mail folder and

periodically delete them. So it's no real problem for me and my web

host no longer seems worried about a more serious vulnerability.<br>

<br>

But this spam remains a curiosity that may be of interest to others and

may be a problem that we can solve somehow. Could the spammers have

captured what they need to use the mail form even though that page is

no longer on the site?<br>

<br>

Should I update my comments.php or my mailform recipe (they're both

old)?<br>

<br>

Thanks,<br>

Wade<br>

<br>

<a class="moz-txt-link-abbreviated" href="mailto:christian.ridderstrom@gmail.com">christian.ridderstrom@gmail.com</a> wrote:

<blockquote

 cite="midPine.LNX.4.64.0612231253060.13698@black01.md.kth.se"

 type="cite">On Thu, 21 Dec 2006, Wade Hudson wrote:

  <br>

  <br>

  <blockquote type="cite">Dear pmwiki users:

    <br>

    <br>

On my site, a vulernability is being exploited on the top-level script.

About ten times a day, I receive spam that includes a number as the

username and then has "@users.hostname.net" as the domain name.

    <br>

  </blockquote>

  <br>

I'm not to clear on the details here. Are you saying that pmwiki.php is

being used to send spam?

  <br>

  <br>

/Christian

  <br>

  <br>

  <pre wrap="">

<hr size="4" width="90%">

_______________________________________________

pmwiki-users mailing list

<a class="moz-txt-link-abbreviated" href="mailto:pmwiki-users@pmichaud.com">pmwiki-users@pmichaud.com</a>

<a class="moz-txt-link-freetext" href="http://www.pmichaud.com/mailman/listinfo/pmwiki-users">http://www.pmichaud.com/mailman/listinfo/pmwiki-users</a>

  </pre>

</blockquote>

</body>

</html>