Website Hosting and Design

 

Important FormMail.pl security information

Matt Wright's FormMail is a very common form processor that many of our clients install rather than using the clone we provide. If you do this, please observe the following VERY IMPORTANT security note.

Spammers look for "exploitable formmail" and then can forge headers to send SPAM from your domain through the FormMail script. Unless you have properly secured the script, you are vulnerable.

To ensure that you are not hit, modify the @recipients parameter as follows:

@recipients = &fill_recipients('domain.com','sub.domain.com','another.com');

...listing any domain that you wish to be able to receive mail through your formmail script. This should be done in addition to the @referrer line which you modified to get the form working.

Detailed configuration instructions for the original FormMail.pl can be found here:

http://www.scriptarchive.com/formmail.html

NOTE: For those users who are using the formmail clone we provide through CPanel, this has been taken care of for you.

Return to FAQ