Shit–something weird is happening, and I don’t think it’s very pleasant.
I’ve just been looking through our server logs for sunpig, and I’ve found that over the last two weeks, we’ve had over 800 hits on the page “formmail.pl”. This is a script used for sending email when you submit a form on a page. For example, if you fill in a “contact us” form on a site, formmail can be used to email the message you’ve written, without you having to use your mail program. It is installed by default with EZPublishing accounts.
But we don’t use formmail at all, so where the hell are those 800 hits coming from?? Unfortunately, I don’t have access to the raw server logs–only the digested reports. The reports say that some of the hits are being referred through from a page called “contact.htm” on our site (which doesn’t exist), and some are coming from the site www.ademack.com, which, given the content on that site, seems equally strange.
And then there’s that email addressed to a non-existent user on sunpig.com from someone asking to be manually removed from a mailing list because the “delete” link doesn’t work. Oh really?
Shit. Some arsehole has got latched onto sunpig.com having the formmail script installed, and is using it to spam people from our domain.
I’ve tried using .htaccess to re-route all requests for the formmail script, but that doesn’t seem to be working. (I think this is probably because the script doesn’t actually reside on our web space–our host is using some behind-the-scenes magic to make all requests from domains on this server route to a single source.)
I’ve passed the issue on to EZPublishing’s tech support now. They’re good, and I hope they can get this sorted quickly. (Don’t let me down now, guys!) I have no plans to use formmail here, so I’m quite happy if they just block access to it altogether.
If you happen to have come here because of a spam email you received from the sunpig.com domain, please accept my apologies. I hate these people as much as you do.
Update:
Judging by the patterns of access, the emails probably mention the page “www.sunpig.com/contact.htm” as the place to go if you want to be unsubscribed from whatever ficticious mailing list these ugly little gnomes claim to have got your email addy. Because this page used not to exist, if you went there you would get our severely minimalist “404 Not Found” error page. I’ve now put up a page there describing briefly what has happened.
And it also appears that I do have access to my server logs after all. It looks like I’ve got some tracing to do. Fortunately, the excellent Anders Jacobsen has just written an article on how to track down spammers. He just caught one of his own, you see.
Good luck finding your spammer, Martin! Nasty what they did using your server/domain! Let me know how it goes based on the article I wrote, and do let me know if I can help you further!