
.htaccess help - trying to block formmail hits in my web host's central cgi-bin

10:20 pm on Jan 29, 2003 (gmt 0)

10+ Year Member



I hope this is the correct place to post this. I've seen & read other .htaccess threads here, so...

My host has a central cgi-bin where they keep scripts for all virtual domains to use via script aliases.

Recently some of my sites have been getting tons of hits for /cgi-bin/formmail.pl. I have tried in vain to block these using the following (and numerous variations of) .htaccess:

Options +FollowSymLinks
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI} ^/cgi-bin/formmail\.(pl|cgi) [NC]
RewriteRule ^.* - [F,L]

Any ideas of what I am doing wrong? A simple test with another (below) .htaccess file worked

rewriteEngine on
rewriteBase /
rewriteRule ^test_page.htm index.htm

so I am assuming that mod_rewrite is on, otherwise that wouldn't have worked (right?).

Thanks for any and all ideas.

10:30 pm on Jan 29, 2003 (gmt 0)

jdmorgan (WebmasterWorld Senior Member)



Brandi01,

Try this simplified version in your top-level directory .htaccess :

Options +FollowSymLinks
RewriteEngine on
RewriteRule formmail\.(pl|cgi)$ - [NC,F]

This will block any request for formmail to any directory or subdirectory of your account.

Don't forget to replace the "¦" pipe character if you cut-n-paste from above. It must be a solid vertical bar. The WebmasterWorld software changes the character set or something...

Jim

10:46 pm on Jan 29, 2003 (gmt 0)

10+ Year Member



Thanks Jim.

It somewhat worked.

I can still access mydomain.com/cgi-bin/formmail.pl

I now get a 403 trying to access mydomain.com/formmail.pl

I don't know a lot about aliases, but I keep thinking that is the problem. The formmail script is not in my local cgi-bin, it is about 3 levels above my root, at the same level as the server's conf folder, if you follow me.

Thanks for reminding me about changing the ¦, I forgot about that once before doing a cut and paste and banged my head against the wall for awhile before catching it.

Any other ideas?

-brandi

10:57 pm on Jan 29, 2003 (gmt 0)

jdmorgan (WebmasterWorld Senior Member)



> I don't know a lot about aliases, but I keep thinking that is the problem. The formmail script is not in my local cgi-bin, it is about 3 levels above my root, at the same level as the server's conf folder, if you follow me.

Yes, I picked up on that. The problem is that you can't do anything about that from your level. The host administrator is going to have to take care of that, since it's out of your "realm" - By the time your .htaccess is executed, it's too late because the server has already redirected that cgi-bin request at a level above your .htaccess.

A better approach to suggest to them is to let you set up your own cgi-bin directory, and then place a Unix file link in it pointing to their script directory. You can then password-protect your directory to keep the bad guys out. They'd also have to remove their redirect or script-alias for cgi-bin that's currently above your account... Basically, let you call their script from a password-protected dir in your account.

Jim
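Jim's diagnosis and his suggested alternative, written out as an Apache 2.4 configuration sketch added here (it is not from the thread or from Jim). The filesystem paths, the ServerName and the .htpasswd location are assumed placeholders, and the vhost part relies on mod_alias consulting a vhost's own ScriptAlias before the server-wide one.

```apache
# Server-wide httpd.conf on the host (assumed layout).
# Why the account's .htaccess never sees the request: ScriptAlias maps
# /cgi-bin/ to a directory OUTSIDE the account's document root, so the
# request is served from /usr/local/apache/cgi-bin and the per-directory
# .htaccess under /home/brandi/public_html is never read for it.
ScriptAlias /cgi-bin/ "/usr/local/apache/cgi-bin/"

# What only the host admin can do: deny by URL path in server config,
# which applies no matter where the script actually lives on disk.
# Put it inside a <VirtualHost> to limit it to one domain.
<LocationMatch "^/cgi-bin/formmail\.(pl|cgi)$">
    Require all denied
</LocationMatch>

# Jim's alternative: give the account its own cgi-bin, symlink the
# central script into it, and let the account password-protect it.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/home/brandi/public_html"
    # The vhost's ScriptAlias takes precedence over the global one above.
    ScriptAlias /cgi-bin/ "/home/brandi/cgi-bin/"
    <Directory "/home/brandi/cgi-bin">
        Options +ExecCGI +FollowSymLinks
        AllowOverride AuthConfig
        Require all granted
    </Directory>
</VirtualHost>

# Account side, created by the admin once (assumed command):
#   ln -s /usr/local/apache/cgi-bin/formmail.pl /home/brandi/cgi-bin/formmail.pl
# and /home/brandi/cgi-bin/.htaccess, permitted by AllowOverride AuthConfig:
#   AuthType Basic
#   AuthName "Form handler"
#   AuthUserFile /home/brandi/.htpasswd
#   Require valid-user
```

The LocationMatch block is the quickest check for the admin: after a reload, a request for /cgi-bin/formmail.pl should return 403 before any script runs.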

11:04 pm on Jan 29, 2003 (gmt 0)

10+ Year Member



Thanks so much, Jim.

I already have a local cgi-bin for my own scripts, so I will take your explanation and see if they can do what you suggest. I just really don't want to end up on a blacklist because of this, which I don't have much control over (except to switch hosts).

Thanks again,
-brandi

11:08 pm on Jan 29, 2003 (gmt 0)

jdmorgan (WebmasterWorld Senior Member)



No problem,
You might also want to try a search here on WebmasterWorld for "formmail script" and variants. The older versions are insecure. Newer versions are better, but at least one member has posted about additional improvements.

Best,
Jim
