bot sniffing for formmailers..


lukeski
4-8-03, 08:37 PM
I saw this in my access log and I found it interesting.

63.98.60.x - - [08/Apr/2003:13:39:43 -0700] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 213 "http://mydomain/" "-"
63.98.60.x - - [08/Apr/2003:13:39:44 -0700] "GET /cgi-bin/formmail.cgi HTTP/1.0" 404 214 "http://mydomain/" "-"
63.98.60.x - - [08/Apr/2003:13:39:45 -0700] "GET /cgi-bin/FormMail.pl HTTP/1.0" 404 213 "http://mydomain/" "-"
63.98.60.x - - [08/Apr/2003:13:39:46 -0700] "GET /cgi-bin/FormMail.cgi HTTP/1.0" 404 214 "http://mydomain/" "-"
63.98.60.x - - [08/Apr/2003:13:39:48 -0700] "GET /cgi-sys/formmail.pl HTTP/1.0" 404 0 "http://mydomain/" "-"
63.98.60.x - - [08/Apr/2003:13:39:49 -0700] "GET /cgi-sys/formmail.cgi HTTP/1.0" 404 0 "http://mydomain/" "-"
63.98.60.x - - [08/Apr/2003:13:39:50 -0700] "GET /cgi-sys/FormMail.pl HTTP/1.0" 404 0 "http://mydomain/" "-"

I didn't have a formmailer in any of those locations and the formmailer I believe is secure. But it goes to show you that we need to make sure our formmailers are secure, otherwise they will find them. Just some warning for those who haven't thought about it.
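As an added example (not part of the original thread), the probe pattern in the log excerpt above can be picked out of an access log with a short Python script: it flags any client that requests several distinct formmail script paths within a minute and lists any probed path that did not return 404. The function name, the thresholds and the 192.0.2.10 lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Script names the probe cycles through, in any case and any directory.
PROBE_RE = re.compile(r'/formmail\.(?:pl|cgi)$', re.IGNORECASE)

# First four lines are from the log above; the 192.0.2.10 lines are constructed.
SAMPLE_LOG = [
    '63.98.60.x - - [08/Apr/2003:13:39:43 -0700] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 213 "http://mydomain/" "-"',
    '63.98.60.x - - [08/Apr/2003:13:39:44 -0700] "GET /cgi-bin/formmail.cgi HTTP/1.0" 404 214 "http://mydomain/" "-"',
    '63.98.60.x - - [08/Apr/2003:13:39:45 -0700] "GET /cgi-bin/FormMail.pl HTTP/1.0" 404 213 "http://mydomain/" "-"',
    '63.98.60.x - - [08/Apr/2003:13:39:48 -0700] "GET /cgi-sys/formmail.pl HTTP/1.0" 404 0 "http://mydomain/" "-"',
    '192.0.2.10 - - [08/Apr/2003:14:02:11 -0700] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 213 "-" "-"',
    '192.0.2.10 - - [08/Apr/2003:14:02:15 -0700] "GET /index.html HTTP/1.0" 200 5120 "-" "-"',
]

def find_formmail_scanners(lines, min_paths=3, window=timedelta(seconds=60)):
    """Map each scanning client to the formmail paths it probed and to the
    probed paths that returned something other than 404 (worth reviewing)."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if PROBE_RE.search(path):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits[m["host"]].append((ts, path, m["status"]))
    report = {}
    for host, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p, _ in events[start:end + 1]}) >= min_paths:
                report[host] = {
                    "probed": sorted({p for _, p, _ in events}),
                    "answered": sorted({p for _, p, s in events if s != "404"}),
                }
                break
    return report

if __name__ == "__main__":
    print(find_formmail_scanners(SAMPLE_LOG))
```

A single mistyped request does not trip the threshold, and a non-empty "answered" list means a script exists at a path the scanner tried.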

stevel
4-8-03, 08:52 PM
Yes, this is a popular exploit of spammers. If you don't know how to create a secure form-mailer, then use PowWeb's. And if you do have your own, DON'T name it formmail!

macmankev
4-9-03, 12:21 AM
Heh, I got one of those. Don't use Formmail yet though.

lukeski
4-9-03, 12:54 AM
I use a formmailer in which the "to" address is embedded in the script, which seems pretty secure. If anyone is interested, I would be willing to provide it to whomever.

But I do know that many are using older versions of a formmail (especially older versions that were at Matt's Script Archive) that have a lot of vulnerabilities that would allow a spammer to hijack the server. Just an FYI that they are looking for these vulnerabilities.