Strange web logs
Results 1 to 6 of 6

Thread: Strange web logs

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    227

    Question Strange web logs

    Hi all,

    i found in logs of one www page i made that someone is trying to access files like /cgi-bin/Formmail.pl, /cgi-bin/formmail.cgi,/cgi-sys/formmail.cgi etc. Is this something like bots looking for robots.txt or is someone just trying to find a hole in security? If so - I'm curious what should these files do? I do know nothing about cgi so could someone explain?

    Thank you in advance
    http://promote.opera.com/small/opera94x15.gif

    [gloworange]Sun7dots[/gloworange]

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    Sounds like someone is looking for CGI vulnerabilities. It could be a manual scan or an automated scan using something like nikto.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Member
    Join Date
    Oct 2001
    Posts
    76
    Formmail.pl is a well-known, but very poorly written CGI script for sending e-mail from a web form. It's so bad that many ISP's and web hosts explicitly forbid it's use. Spammers scan for sites with formmail.pl present, and exploit it in order to do their thing and send spam through it to hide the real source. Because of this, I would report them to their ISP abuse address...

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    227
    Thanx for info guys!
    http://promote.opera.com/small/opera94x15.gif

    [gloworange]Sun7dots[/gloworange]

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    If you are looking for more specific vulnerabilities, goto http://search.securityfocus.com/swsearch and type in "formmail" as the search text.

    Results for formmail 1 to 15 of 195 results.
    Wow... 195... is that all?

    I realize that it was just showing up in your logs, and you may not be using it... but for the curious (like me)....
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #6
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    most "auditing tools" also scan for it, and so do some mass mailers..

    funny thing is, if you write a little cgi that poses as formmail, you can catch what they are trying to send thrue your server..

    In my case I caught some lame spammers trying to send (mass) mails for penis enlargements
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •