sumner23 ([EMAIL PROTECTED]; Thursday, November 21, 2002 3:53 AM):

> In recent daily raw logs I now see an occasional entry:

> post/cgi-bin/formmail.pl 
> OR
> post/cgi-bin/formmail.cgi

> The "visitors" (whose IP's are given) never go to an actual web page from 
> there, and a few of them repeat the command.

> Are these attempts to hack into my mailbox? If so, how would I know if 
> they were successful? A matter of concern? What should I do?

These are attempts to break into un-protected web-based emailers. Many
sites include scripts such as these that allow visitors to send the
contents of a form on a web page to the owner of the site. What these
requests are doing is trying to see if they can use the form to send
bulk email.

If the status code is 200, then it was a success. If 404 (or 500)
then it failed.

If you have such a script on there you should secure it in one of the
following ways:

1] Require that the referrer is your site only. This is not entirely
secure as the spammer/cracker can still fake that information.

2] Modify the script so that the email it sends to is hard-coded rather
than provided as a CGI argument. This makes the script fairly useless
to the spammer.




-- 

Jeremy Wadsack
Wadsack-Allen Digital Group

+------------------------------------------------------------------------
|  This is the analog-help mailing list. To unsubscribe from this
|  mailing list, go to
|    http://lists.isite.net/listgate/analog-help/unsubscribe.html
|
|  List archives are available at
|    http://www.mail-archive.com/analog-help@lists.isite.net/
|    http://lists.isite.net/listgate/analog-help/archives/
|    http://www.tallylist.com/archives/index.cfm/mlist.7
+------------------------------------------------------------------------
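
The status-code check described in the reply above can be run over a raw access log as follows. This is an added example, not part of the original message; the Common Log Format layout, the function names and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in Common Log Format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [21/Nov/2002:03:12:01 -0500] "POST /cgi-bin/formmail.pl HTTP/1.0" 404 285
192.0.2.10 - - [21/Nov/2002:03:12:05 -0500] "POST /cgi-bin/formmail.cgi HTTP/1.0" 404 286
198.51.100.7 - - [21/Nov/2002:04:40:19 -0500] "POST /cgi-bin/FormMail.pl HTTP/1.0" 200 1532
203.0.113.5 - - [21/Nov/2002:05:01:44 -0500] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [21/Nov/2002:05:02:10 -0500] "POST /cgi-bin/formmail.pl HTTP/1.1" 500 610
this line is not a valid log entry
"""

CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
PROBE = re.compile(r'/formmail\.(?:pl|cgi)$', re.IGNORECASE)

def find_formmail_probes(log_text):
    """Return {ip: [(path, status, verdict), ...]} for POSTs to formmail scripts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, method, url, status = m.groups()
        path = url.split("?", 1)[0]  # ignore any query string
        if method.upper() != "POST" or not PROBE.search(path):
            continue
        # Status reading taken from the reply: 200 = the script answered,
        # 404 or 500 = the attempt failed; anything else needs a manual look.
        if status == "200":
            verdict = "answered"
        elif status in ("404", "500"):
            verdict = "failed"
        else:
            verdict = "review"
        hits[ip].append((path, int(status), verdict))
    return dict(hits)

def needs_attention(hits):
    """IPs with at least one probe that the server answered with 200."""
    return sorted(ip for ip, rows in hits.items()
                  if any(v == "answered" for _, _, v in rows))

if __name__ == "__main__":
    report = find_formmail_probes(SAMPLE_LOG)
    for ip, rows in sorted(report.items()):
        for path, status, verdict in rows:
            print(f"{ip:15} {status} {verdict:8} {path}")
    print("answered probes from:", needs_attention(report))
```
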
