Forum Moderators: coopster & phranque

Form Mail Spamming

the hijacking of form mail script for the purpose of sending spam

         

twoodruff

3:44 pm on Feb 4, 2006 (gmt 0)

10+ Year Member



Hello everyone
I am sort of new at this.
The form mail script on my site has recently become the target of spam.
From what I can gather the spam is only being sent to the designated recipient of the response - me - but it's hard to tell.

In searching through previous postings on this subject, the words used in every case are:
FormMail (or variations of it) and
cgi-bin/formmail.pl
and all the possible solutions seem to only apply to this specific script.

I know very little about script programming, but these would not seem to apply in my case.
My site uses a vDeck control panel script "forms.cgi" and the word "FormMail" or "formmail.pl" is not to be found anywhere.

A typical server log entry for a spamming incident looks like:
200.30.79.126 - - [26/Jan/2006:10:15:06 -0800] "POST /v-cgi/forms.cgi HTTP/1.1" 302 5 "http://www.example.com/pages/interactive.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
Can someone please advise me (in simple terms please) how I can go about solving this problem?

Thank You very much
Tom Woodruff

[edited by: coopster at 8:40 pm (utc) on Feb. 4, 2006]
[edit reason] generalized url [/edit]
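
An added example, not part of the original post or of any script discussed in this thread: a Perl pass over access-log lines in the format quoted above that counts POSTs to the form handler per client address. The handler and page paths come from the quoted log entry; the sample lines, the addresses and the `$MAX_POSTS` threshold are constructed assumptions.

```perl
#!/usr/bin/perl
# Added example: who is POSTing to the form handler, per client address.
use strict;
use warnings;

my $HANDLER   = '/v-cgi/forms.cgi';         # handler path from the log entry
my $FORM_PAGE = '/pages/interactive.html';  # page carrying the form (from the Referer)
my $MAX_POSTS = 2;                          # assumed per-client limit for one log

# Constructed sample lines in the same combined log format (RFC 5737 addresses).
my @log = (
    '192.0.2.10 - - [26/Jan/2006:10:14:02 -0800] "GET /pages/interactive.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [26/Jan/2006:10:14:40 -0800] "POST /v-cgi/forms.cgi HTTP/1.1" 302 5 "http://www.example.com/pages/interactive.html" "Mozilla/4.0"',
    '198.51.100.7 - - [26/Jan/2006:10:15:06 -0800] "POST /v-cgi/forms.cgi HTTP/1.1" 302 5 "http://www.example.com/pages/interactive.html" "Mozilla/4.0"',
    '198.51.100.7 - - [26/Jan/2006:10:15:07 -0800] "POST /v-cgi/forms.cgi HTTP/1.1" 302 5 "http://www.example.com/pages/interactive.html" "Mozilla/4.0"',
    '198.51.100.7 - - [26/Jan/2006:10:15:09 -0800] "POST /v-cgi/forms.cgi HTTP/1.1" 302 5 "http://www.example.com/pages/interactive.html" "Mozilla/4.0"',
);

my (%posts, %fetched_form);
for my $line (@log) {
    # client, ident, user, [time], "METHOD path protocol"
    next unless $line =~ m{\A(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+)[^"]*"};
    my ($ip, $method, $path) = ($1, $2, $3);
    $path =~ s/\?.*\z//s;                   # ignore any query string
    $fetched_form{$ip} = 1 if $method eq 'GET'  && $path eq $FORM_PAGE;
    $posts{$ip}++          if $method eq 'POST' && $path eq $HANDLER;
}

# The Referer is supplied by the client, so it is not used as evidence here.
for my $ip (sort { $posts{$b} <=> $posts{$a} } keys %posts) {
    my @flags;
    push @flags, 'never fetched the form page' unless $fetched_form{$ip};
    push @flags, "more than $MAX_POSTS posts"   if $posts{$ip} > $MAX_POSTS;
    printf "%-15s posts=%d  %s\n", $ip, $posts{$ip},
        @flags ? join('; ', @flags) : 'looks like a normal submission';
}
```

To run it against a real log, replace the `@log` list with lines read from the access log file.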

The Contractor

4:15 pm on Feb 4, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I would 1st remove your URL from your post, it's against TOS of this board and also invites even more trouble to your script.

If you install and configure formmail correctly (Matt's Script) it can work fine (rename the file and place it in a different directory/folder under your cgi-bin). Do not use autoresponders and configure referers down to the page. I would also encrypt the entire form (search in Google for "html encoder") within your page. All of the above will stop 99.9% of your problems.

You can also roll-your-own PHP script, but make sure you block from injection attacks.

twoodruff

5:25 pm on Feb 4, 2006 (gmt 0)

10+ Year Member



Hi
Thank you for your reply and suggestion.
I will 1st try the rename and re-locate the file option.
That sounds like a very good idea.
Sorry about the site address in the server log entry.
I can not however find a way to edit my post to take it out or change it to something less specific.
(I am new to this forum and still finding my way around)

Thanks again
Tom

coopster

8:49 pm on Feb 4, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld, Tom.

Another option with perl formmail scripts is to modify the script itself, perhaps even going as far as copying and using a different script for each form and changing the "action" attribute in the form to point to the specific processing script for each.

Another advantage is to bypass the whole hidden form value portion of these scripts and putting the values right into the configuration variables in the perl processing script itself.

There are a number of ways to make this more dynamic but these few tips should get you off the spam rotation.
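
An added example, not code from this thread or from any of the scripts discussed: the suggestion above to keep the recipient and subject in the script's own configuration rather than in hidden form fields, combined with the earlier advice to block injection, shown as the core of a Perl form handler. The field names (`name`, `email`, `message`), the addresses and the `build_message` helper are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example: form handler core with a fixed recipient and header checks.
use strict;
use warnings;

# Configuration lives in the script, not in hidden form fields (placeholder values).
my %CONFIG = (
    recipient => 'webmaster@example.com',
    subject   => 'Contact form: interactive.html',
);

# Returns (message, 'ok'), or (undef, reason) when the input is rejected.
sub build_message {
    my (%form) = @_;
    my $name  = defined $form{name}    ? $form{name}    : '';
    my $email = defined $form{email}   ? $form{email}   : '';
    my $body  = defined $form{message} ? $form{message} : '';

    # Anything headed for a mail header must be a single line: a CR or LF
    # would let the submitter append headers of their own.
    for my $field ($name, $email) {
        return (undef, 'line break in header field') if $field =~ /[\r\n]/;
    }
    # Deliberately strict address shape, one address only.
    return (undef, 'bad email address')
        unless $email =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/;
    $name =~ s/[^\w .'-]//g;    # keep the display name to harmless characters

    # Any 'recipient' or 'subject' key in %form is never read.
    my $msg = "To: $CONFIG{recipient}\n"
            . "From: $CONFIG{recipient}\n"
            . "Reply-To: \"$name\" <$email>\n"
            . "Subject: $CONFIG{subject}\n\n"
            . "$body\n";
    return ($msg, 'ok');
}

# Constructed submissions: one ordinary, one that tries to set the recipient
# and carries a line break in the email field.
my @submissions = (
    { name => 'Tom', email => 'tom@example.org', message => 'Hello' },
    { name => 'x', email => "a\@example.org\nBcc: list\@example.net",
      recipient => 'someone@example.net', message => 'spam' },
);
for my $s (@submissions) {
    my ($msg, $why) = build_message(%$s);
    print defined $msg ? "ACCEPTED\n$msg" : "REJECTED: $why\n", "----\n";
}
```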

twoodruff

1:54 pm on Feb 5, 2006 (gmt 0)

10+ Year Member



Hello coopster
Thank you for your suggestions and thank you for fixing the site URL in my post to non-specific.

I am looking at your suggestions.
I know little about perl script programming but having said that, can look at and follow the logic of a script. (I am learning fast)
My problem here is, this script - "forms.cgi" - looks nothing like the classic "FormMail.pl" script that everyone seems to refer to or reference.
"forms.cgi" is a vDeck control panel form processor for forms created through the admin panel in the vDeck form mail program.
As such, seems like most everything in the script is referencing various vdeck functions, most of them seemingly in a vdeck database somewhere else on the server.

The individual forms are created within the vdeck program, assigned a unique form_ID number and stored within vdeck. It would then appear the data pertaining to each specific form is stored in this database.

Having contacted my host - iPowerWeb inc. - all they will say is to make the script more secure would require a programming effort they are not willing to undertake but would not object to any modifications made by myself.
Problem is, I don't have a clue where to start or what to do given the things you guys talk about do not appear in this script.

This will explain my difficulty in making any script modifications suggested.
I however welcome anything you guys have to offer, you are the experts and are the only ones who seem willing to communicate on the subject for which I am grateful.

Tom

perl_diver

8:15 pm on Feb 5, 2006 (gmt 0)

10+ Year Member



I have access to a couple of ipowerweb hosted sites but neither has the feature you are referring to: vdeck. The sites I can access use the very common cpanel with a CGI resources center and a formmail clone script.

twoodruff

12:24 pm on Feb 6, 2006 (gmt 0)

10+ Year Member



Yes, I am aware of the older "cpanel" control panel.
These are on the older ipower servers.
The 1st site I hosted through ipower has that one.
I have 2 other sites hosted through ipower and my son has 14 and all these are on the newer servers which use the "vDeck" control panel which is much more robust and has many more features and facilities than does the older cpanel one.
I think ipower are looking at phasing out or upgrading the older servers but the problem is what to do about people on the old servers, the new stuff is not backwards compatible and the sites cannot be simply copied across.

Tom

doodlebee

8:27 pm on Feb 25, 2006 (gmt 0)

10+ Year Member



First of all, I'd like to say that "formmail.pl" is Matt's Script (I think someone verified that, but if *you* can verify, that'd be great). I don't think I can post the link here, but if you *are* using Matt's Formmail script, you should disable/delete it ASAP. Matt himself (on his weblog - you can google for it) tells you the form is insecure, and there have been several hosting companies (not necessarily yours) that will shut down sites if found using the form. Your host won't do the coding because, in all honesty, it's a 3rd party script, and not their issue.

Matt does provide a solution: if you like his form, then switch to NMS. It's a lot like Matt's and a ton more secure.

HTH!