
This Server is not a Spam Relay!

Date: Wed, 11th-Feb-2004

Tags: Security, Spam, Urban Mainframe

An open message to spammers everywhere...

I was studying my access reports recently when I noticed something very strange. No, it wasn't that a solitary visitor had been to the Urban Mainframe, it was even more unusual than that. What I noticed was that the server had recorded literally thousands of 404 errors.

Most webmasters are cringing right now; they're thinking, "thousands of 404s, DarkBlue really sucks."

I was suitably embarrassed until I looked a little more closely. The missing files weren't a testament to my ineptitude as a webmaster. I hadn't been deleting, moving or otherwise disturbing resources. Something more sinister had happened to my server.

The vast majority of the errors were requests for a file called "formmail.pl". This is a CGI script written by Matt Wright with the noble purpose of processing web form data and emailing it to the site's operators (for example).

Unfortunately, Wright doesn't seem to appreciate the significance of any of the well-documented threats inherent in the CGI environment. The result: formmail.pl is a script that has the potential to compromise your entire web server, sully your reputation and get your domain blacklisted.

The biggest problem, by far, with formmail.pl is that it basically turns your web server into an open email relay, which is a spammer's wet dream. The sheer volume of formmail.pl 404s I waded through conjured up images of an army of spammers. Each one probing my website, looking for formmail.pl. If their search reveals a hit, they can exploit the script's weaknesses and spawn another round of worthless bulk email, all of it appearing to have come from urbanmainframe.com.

I don't have formmail.pl on my server. I have never had formmail.pl on my server. So every single attempt to access the damn script results in my 404 page being served. Thus my bandwidth is consumed and my hosting charges increase.
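For anyone who wants to measure the same thing in their own logs, here is an added example (not code from this site or its author) that counts 404'd requests for formmail.pl per client and totals the bytes served for them. It assumes Apache/NCSA Combined Log Format; the log lines and addresses are constructed samples.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Apache/NCSA Combined Log Format is assumed; adjust the pattern for other formats.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
PROBE_NAME = "formmail.pl"  # the script named in the post

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2004:03:12:01 +0000] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 2150 "-" "-"',
    '192.0.2.10 - - [10/Feb/2004:03:12:02 +0000] "POST /cgi-bin/FormMail.pl HTTP/1.0" 404 2150 "-" "-"',
    '198.51.100.7 - - [10/Feb/2004:04:40:19 +0000] "GET /scripts/formmail%2Epl?x=1 HTTP/1.1" 404 2150 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [10/Feb/2004:05:01:44 +0000] "GET /old-page.html HTTP/1.1" 404 2150 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Feb/2004:05:02:10 +0000] "GET /index.html HTTP/1.1" 200 8812 "-" "Mozilla/5.0"',
]

def summarize_probes(lines):
    """Return {client_ip: {"hits", "bytes", "paths"}} for 404'd formmail.pl requests."""
    report = defaultdict(lambda: {"hits": 0, "bytes": 0, "paths": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "404":
            continue
        # Drop the query string and decode %-escapes before comparing the file name,
        # so /FormMail.pl and /formmail%2Epl?x=1 are both recognised.
        path = unquote(urlsplit(m["target"]).path)
        if path.rsplit("/", 1)[-1].lower() != PROBE_NAME:
            continue
        entry = report[m["ip"]]
        entry["hits"] += 1
        entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        entry["paths"].add(path)
    return dict(report)

if __name__ == "__main__":
    ranked = sorted(summarize_probes(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["hits"])
    for ip, e in ranked:
        print(f'{ip}: {e["hits"]} probes, {e["bytes"]} bytes of 404 pages, paths={sorted(e["paths"])}')
```

Ordinary 404s, such as a mistyped page name, are left out of the report, so the byte total reflects only the bandwidth spent answering the probes.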

I would love to spend some time with a spammer. I would introduce him (or her) to the unique pleasures that can be had with 28 ounces of high-performance aluminium. Unfortunately I will probably never get that lucky.

So, I have written an open letter to spammers the world over. I've kept my message concise and unemotional. It is a simple message that they will see whenever they try to find formmail.pl on my web server: http://urbanmainframe.com/cgi-bin/formmail.pl.

It won't make any difference, I know, but it makes me feel better.
