Forum Moderators: DixonJones


Unusual requests in log files

         

Hanbag

11:09 am on Mar 30, 2005 (gmt 0)




Hi

I've been scanning our log files and noticed that in the last couple of days, we've had quite a few requests to a non-existent file in the cgi-bin.

"POST /cgi-bin/formmail.pl HTTP/1.0" 404 131072 "http://www.mysite.com/" "-"

It appears that the referrer is the index page of our website. Is it possible that someone is just trying to access the cgi-bin manually? If so, then it refers them to our customised Error 404 not found file. What I don't understand is how it is a 'POST', which I thought would only show via a submit button and the accompanying code.

We do have a couple of enquiry forms on the website that link to other pl files in the cgi-bin and these are all correctly linked.

Could anyone shed any light on this?

Many thanks
Hannah

zCat

11:21 am on Mar 30, 2005 (gmt 0)




That will be an automated script searching for the (infamous) formmail.pl program, which if installed can be a tool for spammers to send their mails anonymously via your server.

The referrer is of course faked.

Hanbag

11:42 am on Mar 30, 2005 (gmt 0)




Thanks very much for that zCat!

Is there anything I can do to stop this?

Can others access my cgi-bin anyway? i.e. could the real file names be harvested from there?

Cheers

Hannah

zCat

12:43 pm on Mar 30, 2005 (gmt 0)





> Thanks very much for that zCat!
>
> Is there anything I can do to stop this?

Not really. It would only be a real problem if you actually use the script(s) in question, otherwise it's just a minor annoyance. You can block the persistently offending IP addresses in .htaccess or similar, though these kinds of requests come from a variety of sources, so personally I don't bother. You could also deny access to the (non-existent) script (generate a 403 rather than a 404 error). In your case the 404 error seems to be generating a 128KB file, which is a little hefty and too much bandwidth to waste on some bot.


> Can others access my cgi-bin anyway? i.e. could the real file names be harvested from there?

If the files are referenced somewhere on your site (in forms etc.) they'd be easy enough to find if someone is looking. It depends on your setup, but it's unlikely your cgi-bin directory will be readable in index mode (so that all files are visible). Try it and see (e.g. [example.com...] ).
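
Added example, not part of the thread or any poster's code: a small Python log summarizer for the pattern discussed above, counting POSTs to missing `/cgi-bin/` scripts per client IP and the bytes the 404 page cost. It assumes Apache "combined" log format; the sample lines, IP addresses and the `summarize_probes` name are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format (assumed); the request, status, size, referrer
# and user-agent fields match the line quoted in the first post.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [30/Mar/2005:09:01:12 +0000] "POST /cgi-bin/formmail.pl HTTP/1.0" 404 131072 "http://www.mysite.com/" "-"
192.0.2.10 - - [30/Mar/2005:09:01:15 +0000] "POST /cgi-bin/FormMail.cgi HTTP/1.0" 404 131072 "http://www.mysite.com/" "-"
198.51.100.7 - - [30/Mar/2005:09:03:40 +0000] "POST /cgi-bin/enquiry.pl HTTP/1.1" 200 512 "http://www.mysite.com/contact.html" "Mozilla/4.0"
203.0.113.5 - - [30/Mar/2005:09:07:02 +0000] "POST /cgi-bin/formmail.pl HTTP/1.0" 404 131072 "http://www.mysite.com/" "-"
198.51.100.7 - - [30/Mar/2005:09:09:19 +0000] "GET /missing.html HTTP/1.1" 404 131072 "-" "Mozilla/4.0"
"""


def summarize_probes(log_text, prefix="/cgi-bin/"):
    """Group POSTs that hit a missing script under `prefix` by client IP."""
    probes = defaultdict(lambda: {"hits": 0, "bytes": 0, "paths": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in combined format; skip rather than guess
        if m["method"] != "POST" or m["status"] != "404":
            continue  # legitimate form posts (200) and plain 404 GETs are ignored
        if not m["path"].startswith(prefix):
            continue
        entry = probes[m["ip"]]
        entry["hits"] += 1
        # Bytes sent per probe: shows what an oversized 404 page costs.
        entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        entry["paths"].add(m["path"].split("?", 1)[0])
    return dict(probes)


if __name__ == "__main__":
    for ip, info in sorted(summarize_probes(SAMPLE_LOG).items()):
        print(ip, info["hits"], "probes,", info["bytes"], "bytes sent,",
              ", ".join(sorted(info["paths"])))
```

The per-IP byte totals show how much a 128KB error page adds up to, and the hit counts show whether any single address is persistent enough to be worth a deny rule.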