On Sun, 12 Feb 2006 07:18:52 +0000, Roy Schestowitz
>__/ [BG] on Sunday 12 February 2006 00:51 \__
>> "SmakDaddy" <smakdaddy@xxxxxxxxxxxxxxxxxxx> wrote in message
>>> "BG" <johndoe@xxxxxxxxxxxxxxx> wrote in message
>>>> Several years ago I bought a nifty little program called CGI Star Pro and
>>>> automatically created cgi script for my forms. I am not nor have I ever
>>>> been a hacker, but I have reason to believe that these old cgi scripts
>>>> an open door for spammers. I just basically went through and jerked all
>>>> scripts and replaced with a standard contact page and an email address.
>>>> Anyway, now I have a client that really, really wants a form. What is a
>>>> really good, secure solution that can be used for this? TIA
>> This looks pretty good. Thanks for the tip!
>Choose an arcane or a rarely-used script that will not leave doors open to
>widely-known exploits. If the form has identifiers or attributions in it
>(e.g. a footer with link(s) to the homepage of the package, version numbers
>in the header), then remove them. There are automated tool to search for
>such pages and attempt to smash the common back doors.
>Failing that, tailor your own form or create a 'mutant' from a common
>successful and reliable script. Taking Advanced Guestbook, for example, I
>once installed it and got spammed every day. I then used a more secure
>derivative to replace it. The outcome: I only got spammed twice in about 6
>months. Saved me /a lot/ of trouble.
>Hope it helps,
Take a look at the formmail program these folks offer.
http://www.oneseek.com/formmail.htm I purchased it several years ago
and have never had a security problem. It also does many things that I
needed automated. It is reasonably priced and they also offer a
freebie version. I have no affiliation to these people other then
being a satisfied customer.
Best of luck.