February 3rd, 2004, 04:00 PM
Strange web logs
i found in logs of one www page i made that someone is trying to access files like /cgi-bin/Formmail.pl, /cgi-bin/formmail.cgi,/cgi-sys/formmail.cgi etc. Is this something like bots looking for robots.txt or is someone just trying to find a hole in security? If so - I'm curious what should these files do? I do know nothing about cgi so could someone explain?
Thank you in advance
February 3rd, 2004, 04:21 PM
Sounds like someone is looking for CGI vulnerabilities. It could be a manual scan or an automated scan using something like nikto.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
February 3rd, 2004, 05:14 PM
Formmail.pl is a well-known, but very poorly written CGI script for sending e-mail from a web form. It's so bad that many ISP's and web hosts explicitly forbid it's use. Spammers scan for sites with formmail.pl present, and exploit it in order to do their thing and send spam through it to hide the real source. Because of this, I would report them to their ISP abuse address...
February 9th, 2004, 01:11 PM
February 9th, 2004, 02:16 PM
If you are looking for more specific vulnerabilities, goto http://search.securityfocus.com/swsearch and type in "formmail" as the search text.
Wow... 195... is that all?
Results for formmail 1 to 15 of 195 results.
I realize that it was just showing up in your logs, and you may not be using it... but for the curious (like me)....
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
February 9th, 2004, 02:26 PM
most "auditing tools" also scan for it, and so do some mass mailers..
funny thing is, if you write a little cgi that poses as formmail, you can catch what they are trying to send thrue your server..
In my case I caught some lame spammers trying to send (mass) mails for penis enlargements
ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio
the best station for C64 Remixes !