Earlier this month ANOTHER hole has been discovered, letting spammers just have a field day. To see if you have people testing, or taking advantage of your formmail.pl/cgi scripts, log into WHM and view the mail statistics and the mail queue. Look for attempts or messages send via /domain/cgi-sys/formmail.pl or similar. You may be supprised what you find.
Anyway, chances are you do not use this anyway, yet cpanel installs these scripts by default. They are outdated and there are much better solutions, so it is in your best interest to disble them, which is very simple.
Log into SSH as root.
Then type these commands:
cd /usr/local/cpanel/cgi-sys <br /> <br /> <br />chmod 0 cgiemail formmail.cgi FormMail.cgi FormMail-clone.cgi formmail.pl FormMail.pl helpdesk.cgi realhelpdesk.cgi realsignup.cgi signup.cgi <br /> <br /> <br />chattr +i cgiemail formmail.cgi FormMail.cgi FormMail-clone.cgi formmail.pl FormMail.pl helpdesk.cgi realhelpdesk.cgi realsignup.cgi signup.cgi
There you go, all set
This is usually one of the first things I do on my servers, but I must have forgot on my newest one because even though I only have a few dummy accounts, I checked the mail log to see people still attempting to use these scripts
