Msg#: 3348297 posted 6:01 am on May 24, 2007 (gmt 0)
I have had several entries like this in my web log for some time:
125.188.29.#*$! - - [23/May/2007:14:20:34 +0200] "POST /mypage.html HTTP/1.1" 200 34148 "http:// www.mywebhost.com/cgi-bin/formmail.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
The referrer is constant. Sometimes there is a user agent, sometimes there is just a dash. The IP is always different - zombies? There is no web form on that particular page.
I asked my web host, and they just said "don't worry", without explaining what was going on. Is there a botnet abusing or trying to abuse my web host's server for spam mailings? Is my site at risk?
Even if they do no harm to me or to my web host, I do not like seeing those entries. In case the botnet cannot change the referrer, could I just 403 block mywebhost.com in my .htaccess, or might that also prevent legitimate use of my own web forms? (I have no other control over the server.)
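
An added example, not part of the original post: one way to pull entries like the one quoted above out of an Apache combined-format access log and summarise how many distinct IPs, referrers and blank user agents are involved. The sample log lines, the host names and the `form_paths` set are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Apache "combined" log format: ip, identd, user, [time], "request", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, .example host names).
SAMPLE_LOG = """\
198.51.100.7 - - [23/May/2007:14:20:34 +0200] "POST /mypage.html HTTP/1.1" 200 34148 "http://www.mywebhost.example/cgi-bin/formmail.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
203.0.113.19 - - [23/May/2007:15:02:11 +0200] "POST /mypage.html HTTP/1.1" 200 34148 "http://www.mywebhost.example/cgi-bin/formmail.cgi" "-"
192.0.2.44 - - [23/May/2007:15:40:02 +0200] "POST /contact.php HTTP/1.1" 200 512 "http://www.mysite.example/contact.html" "Mozilla/5.0"
192.0.2.44 - - [23/May/2007:15:41:00 +0200] "GET /mypage.html HTTP/1.1" 200 34148 "-" "Mozilla/5.0"
"""

def suspicious_posts(log_text, own_host, form_paths):
    """Return POSTs that hit a path with no form handler or carry an off-site referrer."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        ref_host = urlparse(m["referer"]).hostname or ""  # "-" parses to no host
        no_form = m["path"].split("?")[0] not in form_paths
        foreign_ref = ref_host != "" and ref_host != own_host
        if no_form or foreign_ref:
            hits.append(m.groupdict())
    return hits

def summarize(hits):
    """Count requests, distinct source IPs, referrers and missing user agents."""
    return {
        "requests": len(hits),
        "distinct_ips": len({h["ip"] for h in hits}),
        "referers": Counter(h["referer"] for h in hits),
        "blank_agents": sum(1 for h in hits if h["agent"] in ("", "-")),
    }

if __name__ == "__main__":
    # own_host and form_paths are assumptions: your site's host and the paths that really accept POST.
    hits = suspicious_posts(SAMPLE_LOG, "www.mysite.example", {"/contact.php"})
    print(summarize(hits))
```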