one of the servers has recently been under ddos attack
some of the IP's are 200.49.21x.xx and 81.223.xx.**** which seem to come out of austria and argentina, but some traceroutes i run come up with "does not exist" type results
spammers, hackers, mydoom?
a google for those scripts comes up with some obscure references to those files ...
[edited by: Brett_Tabke at 12:58 pm (utc) on July 27, 2004]
Kaled.
i now notice error entries in my logs for scripts that ARE hosted on my site. its tellafriend.cgi which isnt a generic name that was being targetted before (eform.pl, formmail.pl)
log says "script not found or unable to stat" (stat no typo)
are my scripts being disabled? at a first try, i could not get it to work ...
Spammers auto search for formmail.cgi as if found it is thought to be easily compromised. If you see that it is not found in error logs then you are all OK - the spammers have moved on.
One common from to mail is 'Matt's Form to Mail', early versions of which were highly hackable by all accounts, when looking for a form to mail find one that is secure.
If you see from your main usage logs that it is getting a lot more traffic than usual then it becomes something you would need to investigate.
Like I saif though if it is there in the error log you can rest easy as the resource was not found.
OK - errors for files that are on your site is more worrying but not due to hackers I would have thought. If you got an error there and the logs show other errors then there is something screwy with the scripts.
You said 'at first try i could not get it to work', does this mean it worked later? If it is intermittent I would monitor it and let your host know when it stops working next. See if they can track down what the problem is, especially if it is a script that is provided by them. They may have access to more detialed error logs to help them find out what triggered these errors too.
Chubba
