formmail scanner using agent "Mozilla/?"

but IPs are diverse from around the world

amznVibe

6:52 pm on Feb 24, 2003 (gmt 0)


I have been working with a PR8 site that was having serious bandwidth issues (as in over quota use) and we managed to knock that down nicely with a variety of solutions including installing a spider trap. Recently I had them try an experiment to copy the trap into formmail.cgi to address the growing error log of people trying to hack a non-existent formmail.

Something strange has happened over the past few days though: they are getting a variety of attacks from all over the world - extremely diverse IP ranges - with the exact user agent "Mozilla/?" (actually two ? but forum software strips the 2nd)

Now I don't think any known version of any browser uses that user agent so it can be blocked, but more importantly, is someone using a virus to cause innocent dialup and broadband users to do this formmail check for them? I am sure many of you have read about the IRC bots that trigger and collect data from other kinds of world-wide attacks on command. Is this a new variation created by spammers?

Dreamquick

7:04 pm on Feb 24, 2003 (gmt 0)


There are normally a few likely reasons for the distributed nature of the requests:

1) They are routing through proxies which mask the true origin, each request uses a different proxy in order to make it harder to automatically block. Given that they are formmail hunting this strategy makes sense.

2) There is a new version of "application X" available which is being widely used (would account for a growth in traffic rather than a surge). A classic example of this is requests from the "Fetch API Request", which is part of ISA Server - they are many, varied and distributed globally.

- Tony
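A log check for the pattern discussed in this thread, added here as an example and not code from either poster: it groups formmail probes in an Apache combined-format access log by user agent and reports agents that claim "Mozilla/" without a numeric version and arrive from several distinct IPs. The log lines are constructed samples using documentation IP ranges; the function names, the `formmail.pl` variant, the literal "Mozilla/??" string and the three-IP threshold are assumptions.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip, ident, user, [time], "request", status, size, "referer", "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
# Script names are an assumption; the thread only names formmail.cgi
FORMMAIL_RE = re.compile(r'/formmail(\.cgi|\.pl)?$', re.IGNORECASE)
# A genuine browser sends a numeric version after "Mozilla/"
REAL_MOZILLA_RE = re.compile(r'^Mozilla/\d+\.\d+')

def suspicious_agent(agent):
    """True for agents that claim to be Mozilla but carry no numeric version."""
    return agent.startswith("Mozilla/") and not REAL_MOZILLA_RE.match(agent)

def formmail_probes(lines):
    """Map each user agent seen requesting formmail to the set of client IPs."""
    ips_by_agent = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if FORMMAIL_RE.search(path):
            ips_by_agent[m.group("agent")].add(m.group("ip"))
    return dict(ips_by_agent)

def distributed_scanners(lines, min_ips=3):
    """Malformed agents probing formmail from at least min_ips distinct sources."""
    return {agent: sorted(ips)
            for agent, ips in formmail_probes(lines).items()
            if suspicious_agent(agent) and len(ips) >= min_ips}

# Constructed sample log lines (not from the site discussed in the thread)
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Feb/2003:18:01:02 +0000] "GET /cgi-bin/formmail.cgi HTTP/1.0" 404 284 "-" "Mozilla/??"',
    '198.51.100.7 - - [24/Feb/2003:18:03:40 +0000] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 283 "-" "Mozilla/??"',
    '203.0.113.55 - - [24/Feb/2003:18:09:13 +0000] "POST /cgi-bin/FormMail.cgi HTTP/1.0" 404 284 "-" "Mozilla/??"',
    '192.0.2.200 - - [24/Feb/2003:18:10:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '203.0.113.9 - - [24/Feb/2003:18:11:30 +0000] "GET /cgi-bin/formmail.cgi HTTP/1.1" 404 284 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
]

if __name__ == "__main__":
    for agent, ips in distributed_scanners(SAMPLE_LOG).items():
        print(f"{agent!r}: {len(ips)} distinct IPs -> {', '.join(ips)}")
```

The per-agent IP count is what separates a single misconfigured client from the globally distributed pattern described above, and the resulting agent string is the candidate for a server-side block rule.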