66.65.33.122 - - [28/Feb/2003:23:39:21 -0800] "GET /cgi-bin/formmail.cgiemail=mma47@nou61.com&realname=mma47@nou61.com&recipient={{start%20chunk}}<NetJump2020@aol.com>www.blah.com,{{end%20chunk}}&subject={{subject}}&43hq76=%0D%0A%0D%0A{{body}}{{rndreturns}}43hq76%20~vms HTTP/1.0" 404 438 "-" "-"
66.65.33.122 - - [28/Feb/2003:23:39:21 -0800] "GET /cgi-bin/formmail.plemail=tjs71@fzt77.com&realname=tjs71@fzt77.com&recipient={{start%20chunk}}<NetJump2020@aol.com>www.blah.com,{{end%20chunk}}&subject={{subject}}&29vi79=%0D%0A%0D%0A{{body}}{{rndreturns}}29vi79%20~vms HTTP/1.0" 200 816 "-" "-"
This has got to be one of the strangest I've seen yet.
Also, any ideas what all the {}{}{}{}'s are about?
Is someone trying to yank my chain, or is this something altogether new?
Pendanticist.
This looks like somebody is testing whether these scripts exist on your webserver and then testing for errors in these scripts to attack your webserver. formmail is well known to have bugs that you can use to gain access to a webserver easily.
I have no CGI-Bins [webmasterworld.com], hakre. In fact, I just closed two Open Proxy Servers [webmasterworld.com] in two days reporting formmail queries somewhat similar to the above.
What I don't understand is the methodology/encoding in this particular case. Normally, the addies are at least real looking and mostly aol and mail.com are used within the query itself.
See what I'm referring to? These three nuances are new to me. Never seen them before, in this way.
Pendanticist.
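One way to triage access-log entries like the two in the first post, added here as an example and not written by anyone in the thread. It assumes Apache combined log format; the function names and the sample lines are constructed for illustration, and reading the literal {{...}} tokens as unfilled template placeholders is an assumption.

```python
import re
from urllib.parse import unquote

# Constructed sample lines, shaped like the entries in the first post.
SAMPLE = [
    '192.0.2.10 - - [28/Feb/2003:23:39:21 -0800] "GET /cgi-bin/formmail.cgiemail=a@example.com'
    '&recipient={{start%20chunk}}<b@example.com>,{{end%20chunk}}&subject={{subject}}'
    '&x1=%0D%0A%0D%0A{{body}} HTTP/1.0" 404 438 "-" "-"',
    '192.0.2.10 - - [28/Feb/2003:23:39:21 -0800] "GET /cgi-bin/formmail.pl?email=a@example.com'
    '&recipient=b@example.com HTTP/1.0" 200 816 "-" "-"',
    '198.51.100.7 - - [28/Feb/2003:23:40:02 -0800] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
]

# ip, ident, user, [time], "METHOD target PROTO", status, size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (.*) (HTTP/[\d.]+)" (\d{3}) (\S+)')
FORMMAIL = re.compile(r'/formmail\.(?:pl|cgi)', re.I)
PLACEHOLDER = re.compile(r'\{\{[^{}]*\}\}')

def classify(line):
    """Return a finding for a formmail request, or None for anything else."""
    m = LINE.match(line)
    if not m:
        return None
    ip, _ts, _method, target, _proto, status, _size = m.groups()
    if not FORMMAIL.search(target):
        return None
    decoded = unquote(target)  # turns %0D%0A into real CR/LF, %20 into spaces
    reasons = ["formmail-request"]
    if PLACEHOLDER.search(decoded):
        reasons.append("unfilled-placeholder")
    if "\r" in decoded or "\n" in decoded:
        reasons.append("crlf-in-parameter")
    if "recipient=" in decoded:
        reasons.append("recipient-supplied")
    # A 2xx answer means something at that path responded and should be reviewed.
    if status.startswith("2"):
        reasons.append("served-%s" % status)
    return {"ip": ip, "status": int(status), "reasons": reasons}

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit["ip"], hit["status"], ",".join(hit["reasons"]))
```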