For the most part, I’m very pleased with the service I get from Invite.net. They might want to look into changing how they roll out new domains, however. By default, they provide a version of formmail.pl that is hugely susceptible to being used as a spam relay.

I discovered this, of course, when I found several dozen “undeliverable” notices in my mailbox this evening. Luckily, one of the offending messages included a link to the means of transmission. Otherwise I’d still be sitting here at home scratching my head in wonder. Instead I’ve simply taken the step of making all of the scripts Invite provided me with non-executable. I also renamed formmail.pl to be safe.

While a big chunk of blame lands on Invite for this snafu, it bears mentioning that I could and should have investigated and disabled any scripts I had no intention of using right when I first rolled out the website. Let this be a lesson to anyone who sets up hosting on someone else’s machine: Remove or disable anything you aren’t actually going to need. You never know which services and scripts are vulnerable to abuse.