To ensure ongoing stability and availability of all our customer web sites, Powernet disallows the use of a number of CGI scripts that are known to contain security vulnerabilities. In each case we have attempted to highlight an alternative script which we recommend you use.
How do I know if I am using a vulnerable script on my site?
Our web servers recognise the filenames of vulnerable scripts and intercepts them. Instead of the script executing as desired, a web page will be displayed, like the one shown below, indicating that use of that script has been blocked.
It will be necessary for you to either remove the need for the script from your web site, or to replace it with an alternative. You then need to change the filename, or the new script will still be blocked from being used.
The table below shows the current blocked scripts, the function of the script, the reason it has been blocked, and a URL of a suggested alternative.
Form Mail
Script Name Pattern |
.*[Ff]orm.*[Mm]ail.*\.(cgi|pl|php)$ |
Example Script Names |
FormMail.cgi, formmail.php |
Function |
Takes the output generated from a form and e-mails it to a web site administrator |
Vulnerability |
Exploit allows script to be used maliciously as a spam relay |
Alternate Script |
The NMS Project (download the "compatibility package", not the "modular" one) |
Tell A Friend
Script Name Pattern |
.*[Tt]ell.*[Ff]riend.*\.(cgi|pl|php)$ |
Example Script Names |
TellAFriend.pl, tellfriend.cgi |
Function |
"Tell a friend about this site". Sends an e-mail to an address specified within a form |
Vulnerability |
Exploit allows script to be used maliciously as a spam relay |
Alternate Script |
email-a-friend |
Will we be blocking more scripts in the future?
We may block additional scripts in the future if they are found to contain vulnerabilities. If this becomes necessary we will give you advance warning of the block if your web site will be affected.