Prohibited Scripts And Applications

Use of PHP mail() function. Because of the ease of hijacking by spammers, we prohibit the use of scripts (whether your own scripts or third-party scripts) on our Linux servers which make use of the PHP mail() function unlessthey also contain effective measures to prevent header injection which have been specifically approved by us. We strongly recommend use of our TWSendLib code (contact us for details) which is a drop-in replacement for mail() calls, and are very happy to provide advice when needed.

phpBB Bulletin Board package and all associated or companion scripts or applications designed to work with phpBB. Unfortunately phpBB has been the subject of intense attack over a considerable period of time and has been compromised on many occasions over a number of versions, leading to abuse by spammers, system compromise and damage to files. The design of the software leads us to conclude that attacks and compromises are likely to continue, and that this software poses an unacceptable risk to our customers.

Cgiemail form-to-email script. This script is actually built into the CPanel control panel we use, but has found to be insecure. Although it will still appear on the CPanel list of scripts, we've disabled the script itself so it cannot be installed. All customers who have a copy of this script in their cgi-bin must remove it immediately to avoid abuse of the script by spammers to send unauthorised mail.

Matt's Script Archive FormMail form-to-email script and all associated or companion scripts or applications designed to work with Matt's FormMail. Various versions of this script has been vulnerable to abuse by spammers. Note that the "FormMail Clone" script included in CPanel on our Linux web hosting accounts has been specifically designed to be compatible with Matt's Script Archive FormMail and to be used instead of it. We recommend the "FormMail Clone" script in CPanel for form-to-email requirements.