Possible hack attempt thru formmail.cgi

Forum Moderators: DixonJones

Message Too Old, No Replies

Possible hack attempt thru formmail.cgi

what should i do?

troi21

4:54 pm on Jan 17, 2003 (gmt 0)

i realise thru reading this board that it's probably someone trying to use the script to send spam. but everyone seems to mention that it should be a 404 error code but it is a 502 for me. does that change anything? i do not have the script but this is the 2nd time this week i have noticed it in my log files

creative craig

5:10 pm on Jan 17, 2003 (gmt 0)

I get them alot, mine always kick out a 404 though, so I am not to sure what that means, I am sure that some one here will know :)

Craig

bingymon

5:20 pm on Jan 17, 2003 (gmt 0)

i realise thru reading this board that it's probably someone trying to use the script to send spam.

Undoubtedly. Since you don't have the script I wouldn't worry about it too much though. I've seen them countless times in our error logs too. Formmail does have a vulnerability but there are now better scripts that protect you from spammers tactics...

jdMorgan

5:28 pm on Jan 17, 2003 (gmt 0)

troi21,

502 definition:

502 Bad Gateway
The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.

This may mean the attempt was successful, but was rejected by the next mail server in the path...

Jim

Staffa

5:33 pm on Jan 17, 2003 (gmt 0)

I used to have them several times a week trying *.pl and *.cgi.
Though I don't have these files on the server I got fed up and made a formmail file with each extension containing just a single line redirect.
Since then the number of attempts to access these files has considerably dropped.