Email forms are a common way for hackers to send spam. If you use email forms such as Matt’s script (often known as FormMail) or other similar mail scripts, your server could be vulnerable to attacks. If you have clients or simply other users creating sites on your server, you might not even know if you have these scripts. To find out, you can run this simple command:
find / -name “[Ff]orm[mM]ai*”
To check for CGIemail scripts, try this command:
find / -name “[Cc]giemai*”
Finally, to disable the sending of emails from the forms, enter:
chmod a-rwx /path/to/filename
This last command will completely lock user permissions to the script, so if you have a customer or user of a VPS who utilizes one of these form scripts, be sure to contact them and give them ample warning before proceeding. You should offer them a safe and secure alternative, leaving your customers happy and your server secure.