cgi-bin formmail queries.

Now the Koreans are getting into the act?

3:24 am on Jan 31, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 27, 2002
votes: 0

Lately, I've been noticing formmail queries originating from Korean ISPs such as certcc.or.kr and kornet.net.

Anyone else?

(In the last couple of months my Netscape e-mail account has all but been taken over by Koreans sending out UCE/SPAM in, of all things, the Korean language. Hello?!?)


3:42 am on Jan 31, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Oct 30, 2000
votes: 0

You might find that they are from the US using .kr proxies.

3:51 am on Jan 31, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 16, 2002
votes: 0

Interesting... I get about two blank formmail entries a day from each site of mine, so someone is feeling them out lately. I will investigate the IPs and see.

Sounds remotely related to this thread [webmasterworld.com...]

Would it be considered bad behavior to block all access to both Korea and India, or as webmasters do we just have the right to ban whomever we feel cannot be productive or profitable access? I would feel a tad guilty but might get over it if it reduces my stress level. Then again, they could always use a proxy in the USA if they really knew what they were doing.

Anyone come up with some decent mod_rewrite code for entire countries like that?

11:53 am on Jan 31, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 27, 2002
votes: 0

Well, there are two mentions of proxies. Anyone wish to post how to determine if this is indeed the case?


12:48 pm on Feb 3, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:June 7, 2002
votes: 0

I got fed up with the amount of rubbish in my error logs; I just filter it out.

The following lines are included for each VirtualHost on my Apache server. Each request matching the string will take you to the file
where mysite.com is the domain name of the site.

This way your error log only has *real* errors in it. For more fun, change
or something like that, so that all the stuff resulting from holes in their software, e.g. the _vti_ stuff, etc., uses their bandwidth, not mine.

RedirectMatch 301 _vti_* [mysite.com...]
RedirectMatch 301 msoffice [mysite.com...]
RedirectMatch 301 MSOffice [mysite.com...]
RedirectMatch 301 FormMail [mysite.com...]
RedirectMatch 301 ForMmail [mysite.com...]
RedirectMatch 301 Formmail [mysite.com...]
RedirectMatch 301 formmail [mysite.com...]
RedirectMatch 301 cmd.exe [mysite.com...]
RedirectMatch 301 root.exe [mysite.com...]
RedirectMatch 301 check.bat [mysite.com...]
RedirectMatch 301 winnt [mysite.com...]
RedirectMatch 301 win.ini [mysite.com...]
RedirectMatch 301 ..%5c [mysite.com...]
RedirectMatch 301 default.ida [mysite.com...]
RedirectMatch 301 null. [mysite.com...]
RedirectMatch 301 NULL. [mysite.com...]
RedirectMatch 301 galaxy_ [mysite.com...]
RedirectMatch 301 index_failed [mysite.com...]
RedirectMatch 301 files_ [mysite.com...]
RedirectMatch 301 _file [mysite.com...]
RedirectMatch 301 _archivos [mysite.com...]
RedirectMatch 301 _bestanden [mysite.com...]
RedirectMatch 301 proxy_target.XPT [mysite.com...]
RedirectMatch 301 /Unknown [mysite.com...]
RedirectMatch 301 cgibin [mysite.com...]
RedirectMatch 301 robos.txt [mysite.com...]
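
An added example, not part of the original posts: a short Python script that counts requests matching some of the probe strings from the list above, grouped by client address, so the source IPs can be reviewed. The log lines are constructed samples in Apache Common Log Format, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Probe strings taken from the RedirectMatch list in the post above.
# Matched case-insensitively as literal substrings of the request path.
SIGNATURES = ["formmail", "_vti_", "msoffice", "cmd.exe", "root.exe",
              "default.ida", "win.ini", "winnt", "..%5c"]

# Apache Common/Combined Log Format:
#   host ident user [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def tally_probes(lines):
    """Return {client_host: {signature: hit_count}} for probe requests."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").lower()
        for sig in SIGNATURES:
            if sig in path:
                hits[m.group("host")][sig] += 1
    return {host: dict(sigs) for host, sigs in hits.items()}

def top_sources(tally):
    """Return [(host, total_hits)] sorted by hits descending, then host."""
    totals = ((host, sum(sigs.values())) for host, sigs in tally.items())
    return sorted(totals, key=lambda t: (-t[1], t[0]))

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Jan/2003:03:24:10 +0000] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 287',
    '192.0.2.10 - - [31/Jan/2003:03:24:12 +0000] "GET /cgi-bin/FormMail.cgi HTTP/1.0" 404 288',
    '198.51.100.7 - - [03/Feb/2003:12:48:01 +0000] "GET /scripts/root.exe HTTP/1.0" 404 279',
    '198.51.100.7 - - [03/Feb/2003:12:48:02 +0000] "GET /_vti_inf.html HTTP/1.0" 404 276',
    '203.0.113.5 - - [03/Feb/2003:14:05:44 +0000] "GET /index.html HTTP/1.1" 200 5120',
    'garbage line that is not in log format',
]

if __name__ == "__main__":
    for host, total in top_sources(tally_probes(SAMPLE_LOG)):
        print(f"{host}\t{total}")
```

Run it against the access log rather than the error log, since requests answered with a 301 by the RedirectMatch rules are recorded there.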

2:05 pm on Feb 3, 2003 (gmt 0)

Full Member

10+ Year Member

joined:May 23, 2002
votes: 0

I think it may be on an upswing. There were a couple of months when I only saw maybe one or two a month; now I'm seeing at least one or two a day.

What gets me is that I even got one on a new site (hosting has been up for a week) that is still in production and has basically a blank page at the front door and no links.

I'm also seeing Korea but also had one from Trinidad and Tobago last night.