<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Apparently I was wrong about "a vulnerability is being exploited on the
top-level script." Criss, who helped me upgrade to the latest version
of PmWiki, tells me:<br>
<blockquote><font size="-1">The way
the mailform works, people *can't* get your email address. Your email
address is in the config file, not anywhere a spammer could get to it. </font><br>
</blockquote>
But after the upgrade, I'm still getting about 15 spams each day.
Here's an example:<br>
<blockquote>
<pre wrap=""><font size="-1"> <a href=<a
class="moz-txt-link-rfc2396E"
href="http://www.spazioforum.it/forums/cayman.html">"http://www.spazioforum.it/forums/cayman.html"</a>>viagra online</a> [url=<a
class="moz-txt-link-freetext"
href="http://www.spazioforum.it/forums/cayman.html">http://www.spazioforum.it/forums/cayman.html</a>]viagra online[/url] <a href=<a
class="moz-txt-link-rfc2396E"
href="http://www.spazioforum.it/forums/gtcup.html">"http://www.spazioforum.it/forums/gtcup.html"</a>>buy levitra</a> [url=<a
class="moz-txt-link-freetext"
href="http://www.spazioforum.it/forums/gtcup.html">http://www.spazioforum.it/forums/gtcup.html</a>]buy levitra[/url] <a href=<a
class="moz-txt-link-rfc2396E"
href="http://www.spazioforum.it/forums/carrera.html">"http://www.spazioforum.it/forums/carrera.html"</a>>viagra cheap</a> [url=<a
class="moz-txt-link-freetext"
href="http://www.spazioforum.it/forums/carrera.html">http://www.spazioforum.it/forums/carrera.html</a>]viagra cheap[/url] <a href=<a
class="moz-txt-link-rfc2396E"
href="http://www.spazioforum.it/forums/cayenne.html">"http://www.spazioforum.it/forums/cayenne.html"</a>>buy generic viagra</a> [url=<a
class="moz-txt-link-freetext"
href="http://www.spazioforum.it/forums/cayenne.html">http://www.spazioforum.it/forums/cayenne.html</a>]buy generic viagra[/url] <a href=<a
class="moz-txt-link-rfc2396E"
href="http://www.spazioforum.it/forums/boxster.html">"http://www.spazioforum.it/forums/boxster.html"</a>>generic cialis</a> [url=<a
class="moz-txt-link-freetext"
href="http://www.spazioforum.it/forums/boxster.html">http://www.spazioforum.it/forums/boxster.html</a>]generic cialis[/url] cnk7inl180cn9n9
-------------------------------------------<i><b>
</b><font color="#ff0000"><b>This message was sent by the PmWiki MailForm at Comment.Home</b></font></i></font></pre>
</blockquote>
But <a class="moz-txt-link-freetext"
href="http://progressiveresourcecatalog.org/index.php/Comment.MailformWh">http://progressiveresourcecatalog.org/index.php/Comment.MailformWh</a>
no longer exists. I deleted it and substituted "To contact the
Progressive Resource Catalog, send email to Wade Hudson, whudson AT igc
DOT org." (See
<a class="moz-txt-link-freetext"
href="http://progressiveresourcecatalog.org/index.php/Comment.Home">http://progressiveresourcecatalog.org/index.php/Comment.Home</a>).
How can I be getting spam from a mailform that is no longer on my site?<br>
<br>
Using Thunderbird, I filter that spam into my Junk mail folder and
periodically delete it. So it's no real problem for me, and my web
host no longer seems worried about a more serious vulnerability.<br>
<br>
But this spam remains a curiosity that may be of interest to others and
may be a problem that we can solve somehow. Could the spammers have
captured what they need to use the mail form even though that page is
no longer on the site?<br>
<br>
Should I update my comments.php or my mailform recipe (they're both
old)?<br>
<br>
Thanks,<br>
Wade<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:christian.ridderstrom@gmail.com">christian.ridderstrom@gmail.com</a> wrote:
<blockquote
cite="midPine.LNX.4.64.0612231253060.13698@black01.md.kth.se"
type="cite">On Thu, 21 Dec 2006, Wade Hudson wrote:
<br>
<br>
<blockquote type="cite">Dear pmwiki users:
<br>
<br>
On my site, a vulnerability is being exploited on the top-level script.
About ten times a day, I receive spam that includes a number as the
username and then has "@users.hostname.net" as the domain name.
<br>
</blockquote>
<br>
I'm not too clear on the details here. Are you saying that pmwiki.php is
being used to send spam?
<br>
<br>
/Christian
<br>
<br>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
pmwiki-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:pmwiki-users@pmichaud.com">pmwiki-users@pmichaud.com</a>
<a class="moz-txt-link-freetext" href="http://www.pmichaud.com/mailman/listinfo/pmwiki-users">http://www.pmichaud.com/mailman/listinfo/pmwiki-users</a>
</pre>
</blockquote>
</body>
</html>