Naiomi1917 Posted July 27, 2004 (edited)

Hi. Check this out. I was looking at "latest visitors" in the Cpanel and I ran across a bunch of these checks on my cgi bin. What does it mean when so many searches are done so often AT ALMOST THE EXACT SAME TIME to try to dig into the non-public aspects of my site?

I've also seen bounced spam emails (which I never sent) with my web site's email address as "mail undeliverable," which pretty much implies someone has been sending spam in my name. Can anyone tell me what you think of this, or if these could be connected? Thanks!

Here is my "latest visitors" info:

Host: 193.255.207.253 Url: /cgi-bin/contact.pl Http Code : 404 Date: Jul 26 12:53:27 Http Version: HTTP/1.0" Size in Bytes: 1933 Referer: Agent: -
Host: 213.121.165.98 Url: /cgi-bin/form.cgi Http Code : 404 Date: Jul 26 12:53:25 Http Version: HTTP/1.0" Size in Bytes: 1933 Referer: Agent: -
Host: 141.158.65.245 Url: /cgi-bin/fmail.pl Http Code : 404 Date: Jul 26 12:53:24 Http Version: HTTP/1.0" Size in Bytes: 1933 Referer: Agent: -
Host: 66.7.35.35 Url: /mail.cgi Http Code : 404 Date: Jul 26 12:53:23 Http Version: HTTP/1.1" Size in Bytes: 1945 Referer: Agent: -
Host: 211.46.75.189 Url: /cgi-bin/formmail.cgi Http Code : 404 Date: Jul 26 12:53:10 Http Version: HTTP/1.0" Size in Bytes: 1933 Referer: Agent: -
Host: 148.245.7.131 Url: /cgi-bin/mailform.pl Http Code : 404 Date: Jul 26 12:53:09 Http Version: HTTP/1.1" Size in Bytes: 1945 Referer: Agent: -
Host: 81.19.98.97 Url: /cgi-bin/contact.cgi Http Code : 404 Date: Jul 26 12:52:54 Http Version: HTTP/1.1" Size in Bytes: 1945 Referer: Agent: -
Host: 201.129.2.55 Url: /cgi-bin/support.cgi Http Code : 404 Date: Jul 26 12:52:46 Http Version: HTTP/1.0" Size in Bytes: 1933 Referer: Agent: -

Edited February 24, 2005 by Naiomi1917

Head Guru Posted July 27, 2004

It appears that some spammer is searching your cgi-bin for Form Mail scripts that could be exploited and used to send spam from your domain. If you do not have any Form Mail Scripts uploaded to your account you should not have any concerns.

Bill

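One way to spot the kind of sweep described above in a "latest visitors" export, as an added example (not code from this thread or from the host): it groups requests for form-mailer-style script names that arrive close together from several hosts, and separates the URLs that returned 404 from any that returned another status. The sample records, the name pattern, the 60-second window and the three-host threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the "latest visitors" layout quoted above, trailing
# fields omitted (documentation-range addresses, not the poster's data).
SAMPLE = """\
Host: 192.0.2.10 Url: /cgi-bin/contact.pl Http Code : 404 Date: Jul 26 12:53:27
Host: 198.51.100.7 Url: /cgi-bin/form.cgi Http Code : 404 Date: Jul 26 12:53:25
Host: 203.0.113.44 Url: /cgi-bin/formmail.pl Http Code : 200 Date: Jul 26 12:53:10
Host: 192.0.2.99 Url: /cgi-bin/mailform.pl Http Code : 404 Date: Jul 26 12:53:09
Host: 198.51.100.23 Url: /index.html Http Code : 200 Date: Jul 26 12:52:40
"""

RECORD = re.compile(
    r"Host: (?P<host>\S+) Url: (?P<url>\S+) Http Code : (?P<code>\d{3}) "
    r"Date: (?P<date>\w{3} +\d+ \d\d:\d\d:\d\d)")
# Assumed heuristic: script names like the ones requested in the thread.
MAILER = re.compile(r"/(contact|form|fmail|mail|formmail|mailform|support)\.(pl|cgi)$", re.I)

def parse(text, year=2004):
    """Return (time, host, url, status) tuples; the log omits the year, so it is passed in."""
    out = []
    for m in RECORD.finditer(text):
        ts = datetime.strptime(f"{year} {m['date']}", "%Y %b %d %H:%M:%S")
        out.append((ts, m["host"], m["url"], int(m["code"])))
    return out

def find_sweeps(records, window=timedelta(seconds=60), min_hosts=3):
    """Group mailer-name requests less than `window` apart; keep groups from >= min_hosts hosts."""
    probes = sorted(r for r in records if MAILER.search(r[2]))
    groups, current = [], []
    for rec in probes:
        if current and rec[0] - current[-1][0] > window:
            groups.append(current)
            current = []
        current.append(rec)
    if current:
        groups.append(current)
    sweeps = []
    for g in groups:
        hosts = {r[1] for r in g}
        if len(hosts) >= min_hosts:
            sweeps.append({
                "start": g[0][0], "end": g[-1][0], "hosts": len(hosts),
                "missed": sorted(r[2] for r in g if r[3] == 404),    # no script at that path
                "answered": sorted(r[2] for r in g if r[3] != 404),  # review these requests
            })
    return sweeps
print(find_sweeps(parse(SAMPLE)))
```

Any URL listed under "answered" is a script that exists at a path the sweep requested, so its version and recipient restrictions are the first thing to check.
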
TCH-Rob Posted July 27, 2004

As far as the SPAM, it happens to all of us. Some viruses send infected email in your name because you are in someone's address book. Nothing to worry about there.

Naiomi1917 (Author) Posted July 27, 2004

Actually I *do* have a formmail.pl in there. Do you think they got to use it even though it showed a 404 on their end? Why so many of these at the exact same time, too? They all had different IP addresses.

Thanks again. Please let me know what you think I should do!

TCH-Rob Posted July 27, 2004

I am not sure what script you are using but you might want to search and see if there are any vulnerabilities for it and consider switching to something else if you find anything.

TCH-Bruce Posted July 27, 2004 (edited)

> Actually I *do* have a formmail.pl in there. Do you think they got to use it even though it showed a 404 on their end?

I would recommend if you are using a form mailer to switch to the Ultimate Form Mailer written by one of our own TCH users.

Edited July 27, 2004 by TCH-Bruce