An attempt to exploit a cgi-email script at http://www.tedroche.com/
contact.html was made from a computer located at 213.112.195.100
according to the logs:
213.112.195.100 - - [31/Aug/2005:17:05:29 -0400] "POST /cgi-bin/
gypsymail.py/traacontact.txt/traaemail.txt HTTP/1.1" 200 674 "http://
www.tedroche.com/" "-"
My question: how likely is it that the IP address in my Apache logs
is correct? I'd like to report the abuse to the ISP, but there is no
point if it is spoofed.
FYI, the script was attempting to generate an email resembling the
following. Note that the aol.com address can be found in thousands of
attempts if you search Google. That particular page is coded to send
to me only, so I don't believe they were successful. Clever little
devils, eh?
[EMAIL PROTECTED]
Content-Type: multipart/mixed; boundary="===============2097271380=="
MIME-Version: 1.0
Subject: e2d198bc
To: [EMAIL PROTECTED]
bcc: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
This is a multi-part message in MIME format.
--===============2097271380==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
efejut
--===============2097271380==--
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
