Etanisla Posted May 17, 2004

Let me add four more entries from my access logs:

> 208.34.72.9 - - [16/May/2004:18:00:14 -0500] "POST /cgi/contactus.cgi HTTP/1.0" 404 591 "http://etanisla.com/" "-"
> 210.179.233.125 - - [16/May/2004:18:00:22 -0500] "POST /responsemailif.cgi HTTP/1.0" 404 596 "http://etanisla.com/" "-"
> 80.58.47.44 - - [16/May/2004:18:00:26 -0500] "POST /techformsend HTTP/1.0" 404 586 "http://etanisla.com/" "-"
> 64.14.144.85 - - [16/May/2004:18:00:27 -0500] "POST /cgi-bin/anfrage.pl HTTP/1.1" 404 605 "http://etanisla.com/" "-"

Please note that the only interactive component of etanisla.com is the WordPress blog. And that is going to be deleted on June 1st.
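
The four entries above share a signature: a POST to a script that does not exist (404), no User-Agent, and a different source address each time within a few seconds. The following is an added example, not part of the original post, that flags such bursts in a combined-format access log; the function names, the 60-second window and the three-address threshold are assumptions, and the last three sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Apache combined log format, as in the entries quoted in the post.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

# First four lines are the entries from the post; the last three are constructed.
SAMPLE = '''
208.34.72.9 - - [16/May/2004:18:00:14 -0500] "POST /cgi/contactus.cgi HTTP/1.0" 404 591 "http://etanisla.com/" "-"
210.179.233.125 - - [16/May/2004:18:00:22 -0500] "POST /responsemailif.cgi HTTP/1.0" 404 596 "http://etanisla.com/" "-"
80.58.47.44 - - [16/May/2004:18:00:26 -0500] "POST /techformsend HTTP/1.0" 404 586 "http://etanisla.com/" "-"
64.14.144.85 - - [16/May/2004:18:00:27 -0500] "POST /cgi-bin/anfrage.pl HTTP/1.1" 404 605 "http://etanisla.com/" "-"
192.0.2.10 - - [16/May/2004:17:58:02 -0500] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.10 - - [16/May/2004:17:59:40 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.77 - - [16/May/2004:19:30:00 -0500] "POST /cgi-bin/formmail.pl HTTP/1.0" 404 600 "-" "-"
'''

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank or malformed line
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def is_blind_post(rec):
    """POST to a path that does not exist, sent without a User-Agent."""
    return rec["method"] == "POST" and rec["status"] == "404" and rec["agent"] in ("", "-")

def probe_bursts(lines, window=timedelta(seconds=60), min_ips=3):
    """Group blind POSTs within `window` of the first; keep groups from >= min_ips addresses."""
    hits = sorted((r for r in map(parse, lines) if r and is_blind_post(r)), key=lambda r: r["ts"])
    bursts, group = [], []
    for rec in hits + [None]:  # trailing None flushes the last group
        if group and (rec is None or rec["ts"] - group[0]["ts"] > window):
            ips = sorted({r["ip"] for r in group})
            if len(ips) >= min_ips:
                bursts.append({"start": group[0]["ts"], "ips": ips,
                               "paths": [r["path"] for r in group]})
            group = []
        if rec:
            group.append(rec)
    return bursts

if __name__ == "__main__":
    for b in probe_bursts(SAMPLE.splitlines()):
        print(b["start"].isoformat(), len(b["ips"]), "sources:", ", ".join(b["paths"]))
```

The lone constructed POST at 19:30 is not reported because it comes from a single address; only the coordinated group from the post crosses the threshold.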

annie Posted May 17, 2004

I've got an increase in script kiddie accesses (probes of various kinds) since I moved to TCH. But there are always formmail probes, and occasionally periods with more probes before as well. I just renamed my secure formmail clone to give me some time to move to php. I did get some of these recently:

GET /cgi-bin/dcforum/dcboard.cgi
"HEAD /cgi-bin/sentry/admin/admin.cgi?setup
HEAD /cgi-bin/form.cgi

I also get loads of accesses from worms.

annie Posted May 17, 2004

Here are some more probes from my site:

/cgi-bin/mastergate/accountcreate.cgi (I assume it's this one: http://www.superscripts.com/scripts/mastergate.html )
Wow, well known exploit: http://www.google.com/search?hl=en&ie=UTF-...G=Google+Search

/cgi-bin/sentry/admin/admin.cgi (I assume it's this one: http://cgi.resourceindex.com/detail/03742.html ) or this one: http://www.ovelo.com/