125.188.29.#*$! - - [23/May/2007:14:20:34 +0200] "POST /mypage.html HTTP/1.1" 200 34148 "http:// www.mywebhost.com/cgi-bin/formmail.cgi" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
The referrer is constant. Sometimes there is a user agent, sometimes there is just a dash. The IP is always different - zombies? There is no web form on that particular page.
I asked my web host, and they just said "don't worry", without explaining what was going on. Is there a botnet abusing or trying to abuse my web host's server for spam mailings? Is my site at risk?
Even if they would do no harm to me or to my web host I do not like seeing those entries. In case the botnet cannot change the referrer, could I just 403 block mywebhost.com in my .htaccess, or might that also prevent legitimate use of my own web forms? (I have no other control over the server.)
Is there a botnet abusing or trying to abuse my web host's server for spam mailings? Is my site at risk?
If you don't have formmail or have it installed in a different directory, it's not an issue.
84.158.xx.yy - - [30/May/2007:23:35:03 +0300] "POST /xyz.html HTTP/1.0" 200 7719 "http://reddit.com/login" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
IPs are from all over the world (mostly US and Europe). What could this be?
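The pattern described in this thread (POSTs to a static page, one constant off-site referrer, many different client addresses) can be pulled out of an Apache combined-format access log as follows. This is an added example, not part of any post above. The function names, the `min_ips` threshold, the site's own host name `www.example.org` and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')

def offsite_posts(lines, own_hosts):
    """Group POSTs to static pages by referrer, skipping referrers on our own hosts."""
    groups = defaultdict(lambda: {"ips": set(), "hits": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0].lower()
        if not path.endswith((".html", ".htm")):
            continue  # only look at pages that have no form handler behind them
        host = urlsplit(m["referer"]).hostname or ""
        if host in own_hosts:
            continue  # POST came from one of our own forms
        groups[m["referer"]]["ips"].add(m["ip"])
        groups[m["referer"]]["hits"] += 1
    return dict(groups)

def suspicious(groups, min_ips=3):
    """Referrers that arrived from at least min_ips distinct client addresses."""
    return sorted(r for r, g in groups.items() if len(g["ips"]) >= min_ips)

# Constructed sample lines (documentation-range addresses), modelled on the thread.
REF = "http://www.mywebhost.com/cgi-bin/formmail.cgi"
UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
SAMPLE = [
    f'192.0.2.10 - - [23/May/2007:14:20:34 +0200] "POST /mypage.html HTTP/1.1" 200 34148 "{REF}" "{UA}"',
    f'198.51.100.7 - - [23/May/2007:15:02:11 +0200] "POST /mypage.html HTTP/1.1" 200 34148 "{REF}" "-"',
    f'203.0.113.99 - - [24/May/2007:03:41:57 +0200] "POST /mypage.html HTTP/1.1" 200 34148 "{REF}" "{UA}"',
    f'192.0.2.44 - - [24/May/2007:09:12:00 +0200] "POST /contact.html HTTP/1.1" 200 512 "http://www.example.org/contact.html" "{UA}"',
    f'192.0.2.45 - - [24/May/2007:09:13:30 +0200] "GET /mypage.html HTTP/1.1" 200 34148 "-" "{UA}"',
]

if __name__ == "__main__":
    found = offsite_posts(SAMPLE, {"www.example.org"})
    for ref in suspicious(found):
        print(ref, found[ref]["hits"], "hits from", len(found[ref]["ips"]), "addresses")
```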