Forum Moderators: mack
My new website has been up for about 60 days now. I'm using the FastStats analyzer and have had "visitors" from about 400 unique IP addresses. Some of these I can trace back to good old fashioned public relations and passing out my business cards. Others I can't explain. For instance, my logs show hits from at least 20 different countries! Can someone tell me what these hits could be from and how they found me? I am not listed on the search engines yet and have not submitted to any as of yet. I still need to work on my meta tags and content first.
Thanks,
Mona
Apparently these are spammers who, once they find a poorly configured script, will use it to launch spam.
I warned a client about it way back in April, they didn't fix their code, and a couple months later were red-faced after they received a bombardment of angry e-mails asking them to stop sending spam.
As I recall, the script has to be configured to launch email only from your domain, and even better, only from a specific page on your domain. Otherwise, anyone will be able to access your script and launch email from it. To further secure your formmail, you can also rename it to random-name-or-words.pl.
Because these people/bots are looking for a specifically named file, (formmail.pl) your renamed file will have the added benefit of being hidden altogether.
People post here about it once a month. I became aware of this flaw while researching mail scripts for my own site.
Thanks for writing. I looked at my FastStats log and discovered some 404 errors that say "/scripts/yadayadayada/cmd.exe. The yadayada is mostly %255 . . . and other odd text. One entry says "/sumpthin/"
Do these entries mean someone entered this text on the address line after my website url?
I have a button for people to email me and have set the email up through my host. I'm not sure if I have the scenario you are talking about. Can you explain when I would have this type of script set up?
So much to learn!
Mona
palmpal: If you're referring to the site in your profile, you're not using a script. What I see is a simple mailto link. This opens the user's default email client, it doesn't interact with your webserver at all.
Also, a friendly heads-up: There's something funky with your code. This looks weird but it doesn't seem to harm anything:
"// End -->"
However, you have two </head> tags and two <body> tags. And despite your little W3C validation tags... You don't validate. (tut-tut)
<SCRIPT LANGUAGE="JavaScript">
Can you point me in the right direction? (Found out it needs to say <SCRIPT type="text/JavaScript">)
My site still needs much work - I've been spending a lot of time researching the topic of Content. I can't tell you how beneficial webmasterworld has been to me over the last few months.
Thanks,
Mona