large number of failed requests

what is this person hoping to achieve?


microcars

6:20 pm on Jul 16, 2004 (gmt 0)

10+ Year Member



Looking at the logs for a *tiny* little website that my wife has shows this in the "failed request" report for yesterday:

3: /cgi-bin/formmail.cgi
3: /cgi-bin/formmail.pl
2: /cgi-bin/FormMail.pl
2: /cgi-bin/contact.cgi
2: /cgi-bin/mailform.pl
2: /cgi-bin/mail.pl
2: /cgi-bin/form.cgi
2: /cgi-bin/npl_mailer.cgi
1: /cgi-bin/formmail
1: /cgi-bin/FormMail.cgi
1: /cgi-bin/feedback.cgi
1: /cgi-bin/email.cgi
1: /cgi/tell/tell.cgi
1: /cgi-bin/ezformml.cgi
1: /cgi-bin/contact.pl
1: /cgi-bin/mailer/mailer.cgi
1: /contact.cgi
1: /cgi-bin/sender.pl
1: /cgi-bin/mailform.cgi
1: /formmail.pl
1: /mail.cgi
1: /cgi-bin/form.pl
1: /cgi-bin/mail.cgi
1: /form-bin/deliver
1: /cgi-bin/feedback.pl
1: /cgi/formmail
1: /cgi-bin/fmail.pl
1: /cgi-bin/form_processor.pl
1: /cgi-bin/cgiemail/contact.txt

What is the person that is doing this hoping to accomplish? There is no cgi-bin folder on this domain, but there is a PHORUM PHP discussion area (with nothing much in it...)

This is the third time this has happened this month.

Is this something to worry about? Is someone looking for a way to relay email?

dmorison

6:27 pm on Jul 16, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> Is someone looking for a way to relay email?

Yes. Just like you can scan a host for open ports, so too can you scan a web server for vulnerable scripts, which is what you are seeing.

Nothing to worry about - as long as you aren't running a vulnerable version of any of the scripts that it is scanning for.
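One way to spot this kind of script scan in raw access logs rather than waiting for the host's failed-request report. This is an added example, not code from the thread; the log lines are constructed (addresses from the documentation ranges) and the probe names are the ones listed in the first post.

```python
import re
from collections import defaultdict

# Apache/NCSA combined log format, the format a "failed request" report is built from.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)

# Basenames of mail scripts the scanner in the first post probed for (from the thread),
# compared case-insensitively because the scan tried FormMail.pl as well as formmail.pl.
PROBE_NAMES = {
    "formmail", "formmail.cgi", "formmail.pl", "contact.cgi", "contact.pl",
    "mailform.pl", "mailform.cgi", "mail.pl", "mail.cgi", "form.cgi", "form.pl",
    "npl_mailer.cgi", "feedback.cgi", "feedback.pl", "email.cgi", "tell.cgi",
    "ezformml.cgi", "mailer.cgi", "sender.pl", "deliver", "fmail.pl",
    "form_processor.pl", "contact.txt",
}

def parse_line(line):
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_mailer_probe(path):
    base = path.split("?", 1)[0].rsplit("/", 1)[-1].lower()
    return base in PROBE_NAMES

def find_scanners(lines, threshold=5):
    """Return {ip: count} for clients whose 404s against mail-script names reach the
    threshold. A real visitor mistyping a URL rarely hits more than one of them."""
    hits = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == "404" and is_mailer_probe(rec["path"]):
            hits[rec["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

# Constructed sample: one client walking the script list, one ordinary visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Jul/2004:09:14:02 +0000] "GET /cgi-bin/formmail.cgi HTTP/1.0" 404 209
203.0.113.7 - - [16/Jul/2004:09:14:02 +0000] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 208
203.0.113.7 - - [16/Jul/2004:09:14:03 +0000] "GET /cgi-bin/FormMail.pl HTTP/1.0" 404 208
203.0.113.7 - - [16/Jul/2004:09:14:03 +0000] "GET /cgi-bin/contact.cgi HTTP/1.0" 404 208
203.0.113.7 - - [16/Jul/2004:09:14:04 +0000] "GET /form-bin/deliver HTTP/1.0" 404 205
198.51.100.4 - - [16/Jul/2004:09:20:11 +0000] "GET /index.html HTTP/1.1" 200 1832
198.51.100.4 - - [16/Jul/2004:09:20:12 +0000] "GET /contact.cgi HTTP/1.1" 404 204
""".splitlines()

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

The same check, applied to 200 responses instead of 404s, is the one that matters: it tells you whether a probe actually found a script.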

sonjay

10:25 pm on Jul 16, 2004 (gmt 0)

10+ Year Member



And it's generally a good idea to rename any free or commercially available scripts that you use, even if you believe them to be secure. If a vulnerability should be discovered later, hackers running those scanning programs won't find your script by its commonly known name.

danieljean

11:39 pm on Jul 16, 2004 (gmt 0)

10+ Year Member



I find that even if they renamed their script, most people would still call it directly from an HTML form; a hacker would only need to parse the form.

It's also disturbing to see how many people leave a "from" and "to" as hidden form fields for all the spammer-bots to read.

My mailer class is only called after checkout, and then not directly triggered by a form request. If not, I'd be paranoid that I could suffer from the same attack as microcars.

jo1ene

11:55 pm on Jul 16, 2004 (gmt 0)

10+ Year Member



This is happening to me a lot lately too. My host told me that he'd "cut my toes off" if I used any of the "perl things" like the scripts you mentioned.

I get weird requests to non-existent .htm files too. I have only ever used .html anyway so it's not some old index info. What's that about?

microcars

3:03 am on Jul 17, 2004 (gmt 0)

10+ Year Member



I'm not running any scripts other than PHORUM which is PHP and this little site is hosted by a hosting company, not my own 'puter.

I also regularly get failed requests for some sort of MICROSOFT OFFICE file like this:

2: /MSOffice/cltreq.asp

macrost

3:24 am on Jul 17, 2004 (gmt 0)

10+ Year Member



/MSOffice/cltreq.asp is the discussion bar that IE has, if memory serves me right.

idoc

4:28 am on Jul 17, 2004 (gmt 0)

10+ Year Member



These guys are looking to bounce spam mail off your hosting account. They probably know it is a shared host and are hoping that you have more permissions on the server than you have administrative abilities. It might look senseless, but it is how they survive to spam... mostly from shared hosting accounts, compromised windows machines that have cable modem and dsl and of course free email accounts. Until some spammers do some jail time, and it starts to cost them more to get out of trouble than they make from spamming... it isn't going away.

sonjay

11:07 am on Jul 17, 2004 (gmt 0)

10+ Year Member



danieljean, as you can see, though, they're not parsing any forms on microcars' site to get to his cgi scripts. They're just directly hammering his cgi-bin with any and every variation on the script name formmail. I'm not saying your mailer script is vulnerable -- not knowing what you use, I can't say that -- but the hackers don't bother to parse a form on your site to try to get to it.

If you use a form on your site, and if it has a commonly known name, it could be vulnerable no matter how you call it.

Leosghost

1:03 pm on Jul 17, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Lest they should give up on that tack and start looking for other stuff... unless you really, really can't live without them, you might want to switch off/remove squirrel, mxexchange, horde and all PHP guestbooks...

Then check which version of Apache you are running and make sure it's the latest. Some of the older ones (and there are still some very big host companies who haven't taken the trouble to update yet) have some very porous shells... even on a simple page request, older Apaches will send back "nope, password page wasn't where you asked... it's here". Really!

Never really a good idea to have anything that lets anyone write anything on your server... unless you know exactly what you are doing/seeing...