Hi there,
I was wondering if you could consider removing any references to phpFormMail from error messages and from pages/output from publicly available phpFormMail pages. These (unfortunately) help potential hackers to first narrow down a script to the package it is using, and then sometimes even to a specific version. This has really taken off since the increased use of GoogleHacking, and the number of spam messages (and attempts) from the 1.06.x vulnerabilities on our servers is truly mindboggling, even with scripts that are renamed to a non-default filename.
Is there any chance that the phpFormMail devs could remove the phpFormMail references from, for example, just calling the script and getting an error? It is security through obscurity, and not an answer to everything, but when the output of scripts is used to find vulnerable scripts via google and other sources, it seems like it would be a great step forward in helping to protect users.
Thoughts?
Removing Branding from Publicly Available Pages
Basically, as per the user license:Quote:
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version of the License, or (at your option) any later version.
You can do this yourself by doing a search for 2 terms:
boaddrink.com and phpformmail; then replace with something of your choosing, use your own domain instead or just remove
the references completely (from the generated text/html; not from the code).
Also, rename the 2 php files, remember to change your
code to the changed name of the script...