Naiomi1917

Actually I *do* have a formmail.pl in there. Do you think they got to use it even though it showed a 404 on their end? Why so many of these at the exact same time, too? They all had different IP addresses. Thanks again. Please let me know what you think I should do!

I hadn't used my WS_FTP for a month or two and I needed to swap out a file. WS_FTP has always worked flawlessly at my site. I repeatedly tried WS_FTP today and now it tells me that the connection is timed out every single time I try. It won't let me connect. Did something change that I need to know about? What should I do? Thanks!

Hi. Check this out. I was looking at "latest visitors" in the Cpanel and I ran across a bunch of these checks on my cgi bin. What does it mean when so many searches are done so often AT ALMOST THE EXACT SAME TIME to try to dig into the non-public aspects of my site? I've also seen bounced spam emails (which I never sent) with my web site's email address as "mail undeliverable," which pretty much implies someone has been sending spam in my name. Can anyone tell me what you think of this, or if these could be connected? Thanks! Here is my "latest visitors" info: Host: 193.255.207.253 Url: /cgi-bin/contact.pl Http Code : 404 Date: Jul 26 12:53:27 Http Version: HTTP/1.0" Size in Bytes: 1933 Referer: Agent: - Host: 213.121.165.98 Url: /cgi-bin/form.cgi Http Code : 404 Date: Jul 26 12:53:25 Http Version: HTTP/1.0" Size in Bytes: 1933 Referer: Agent: - Host: 141.158.65.245 Url: /cgi-bin/fmail.pl Http Code : 404 Date: Jul 26 12:53:24 Http Version: HTTP/1.0" Size in Bytes: 1933 Referer: Agent: - Host: 66.7.35.35 Url: /mail.cgi Http Code : 404 Date: Jul 26 12:53:23 Http Version: HTTP/1.1" Size in Bytes: 1945 Referer: Agent: - Host: 211.46.75.189 Url: /cgi-bin/formmail.cgi Http Code : 404 Date: Jul 26 12:53:10 Http Version: HTTP/1.0" Size in Bytes: 1933 Referer: Agent: - Host: 148.245.7.131 Url: /cgi-bin/mailform.pl Http Code : 404 Date: Jul 26 12:53:09 Http Version: HTTP/1.1" Size in Bytes: 1945 Referer: Agent: - Host: 81.19.98.97 Url: /cgi-bin/contact.cgi Http Code : 404 Date: Jul 26 12:52:54 Http Version: HTTP/1.1" Size in Bytes: 1945 Referer: Agent: - Host: 201.129.2.55 Url: /cgi-bin/support.cgi Http Code : 404 Date: Jul 26 12:52:46 Http Version: HTTP/1.0" Size in Bytes: 1933 Referer: Agent: -

Everything's been taken care of now (very quickly too, thanks!) and I'll be exploring those links/threads. Thanks everyone! Dave

I sent this email to support@totalchoice.com and would like some of the readers here to check it out: [start forwarded email] Hi. Recently I heard about the security problems in some aspects of formmail.pl on the web -- and that it had already been corrected. When checking "recent visitors" I discovered that there had been a few checks on my /cgi-bin/formmail.pl from this address: 200.58.161.146 Through the use of this site http://www.serve.com/apg/spammers.html I discovered they were formmail spammers. How can I know if they did anything with my site, before or even after the security fix last weekend? This has happened 5 times for this month, as I check the records. Does that mean someone was abusing my scripts? Also, in my formmail.pl file I noticed the following line: @referers = ('domain.com','66.246.87.127'); The 66.246.87.127 refers to a Total Choice Hosting page, so what does that mean for my formmail? I'm not an expert on the use of CGI, but can I just take TCH out of the loop? Thanks! Dave [end of my email] Remember the email that went out from Total Choice about formmail.pl abuses? It was emailed on 5/18 and an email went out to say it was fixed on 5/19. As soon as I got TC's warning email on the 18th, I called up the 24 hour tech support emergency hotline, since formmail is important to my web site. No one was there and I left a phone message, and no one called me since. I tried to use the Online Chat feature from http://www.totalchoicehosting.com/web_host...ng_support.html but it said there was an error on the page, so the live chat wasn't (and still isn't) an option. Then I sent the email above (almost a week ago) and still have not received a response. I'm not sure what's happening since TC's support has been fantastic until now. When I check Cpanel, every other day it seems like there's another attempt from one of those formmail abuser's IP addresses trying to check out my cgi-bin/formmail.pl and it bothers me. Is there something I have to worry about? How can I find out if the formmail abusers have done anything to my site? Please help! Dave