Welcome to WebmasterWorld Guest from 18.210.27.34

Forum Moderators: Ocean10000 & phranque

Message Too Old, No Replies

X_forwarded_for

followed by IP Number gets banned.

     
9:29 am on Dec 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 27, 2002
posts:1685
votes: 0


What does this say?

200.53.64.*** banned Tue Dec 23 00:08:25 2003 POST www.BlahBlah.com/cgi-bin/FormMail.pl "" "Mozilla/4.06 (Win95; I)" [b]VIA="1.1 bess-proxy.infosel.com:8263 (N2H2 Proxy Server/4.22)" X_FORWARDED_FOR=[/b]"69.56.132.***" 
200.53.64.*** banned Tue Dec 23 00:08:25 2003 POST www.BlahBlah.com/cgi-bin/FormMail.cgi "" "Mozilla/4.06 (Win95; I)" [b]VIA="1.1 bess-proxy.infosel.com:8263 (N2H2 Proxy Server/4.22)" X_FORWARDED_FOR=[/b]"69.56.132.***"



Oddly enough, I just checked my access_log files:

200.53.64.*** - - [23/Dec/2003:00:08:25 -0800] "POST /cgi-bin/FormMail.pl HTTP/1.0" [b]200[/b] 163 "-" "Mozilla/4.06 (Win95; I)"
200.53.64.*** - - [23/Dec/2003:00:08:25 -0800] "POST /cgi-bin/FormMail.cgi HTTP/1.0" [b]200[/b] 163 "-" "Mozilla/4.06 (Win95; I)"
200.53.64.*** - - [23/Dec/2003:00:08:25 -0800] "POST /cgi-bin/formmail.cgi HTTP/1.0" 403 480 "-" "Mozilla/4.06 (Win95; I)"
200.53.64.*** - - [23/Dec/2003:00:08:25 -0800] "POST /cgi-bin/formmail.pl HTTP/1.0" 403 480 "-" "Mozilla/4.06 (Win95; I)"
200.53.64.*** - - [23/Dec/2003:00:08:26 -0800] "POST /cgi-bin/formmail2.cgi HTTP/1.0" 403 480 "-" "Mozilla/4.06 (Win95; I)"
200.53.64.*** - - [23/Dec/2003:00:08:26 -0800] "POST /cgi-bin/FormMail2.pl HTTP/1.0" 403 480 "-" "Mozilla/4.06 (Win95; I)"



This is the same IP Number. I understand why some were nailed, but how did the first two slip by?

What does this have to do with X_FORWARDED_FOR?

Pendanticist.

6:07 am on Dec 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
posts:25430
votes: 0


pendanticist,

This just looks like several requests for formmail.pl and .cgi on your site from 69.**.132.***, coming through an open proxy at 200.**.64.***, and they tripped some filter after a couple of requests and got banned.

Jim

7:50 am on Dec 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 27, 2002
posts:1685
votes: 0


Thank You, Sir!

;)