TimeShadow wrote: > I am having a problem with a user trying to access a formmail.pl script on a > Linux server. > > I have a cgi script that alerts me when a user tries to connect to a file > that doesn't exist (ie. broken links). For a few months now, a user has > been trying to access formmail.pl in my cgi-bin. Formmail.pl was installed > to cgi-sys by my hosting company so the user is trying for nothing. > > My script is suppose to tell me the referring url as well. With this > person/persons, there has not ever been a referrer. The ip and host is > always different and from all over the world. This makes me think it is > coming from a submission form of some sort. Here is one thing that is > always constant: > > HTTP_USER_AGENT: Gozilla/4.0 (compatible; MSIE 5.5; windows 2000) > > and most of the time this: > > SERVER_PROTOCOL: HTTP/1.1Content-Type: application/x-www-form-urlencoded > > My question is: Is there a way I can find out where this is coming from? > Tracing the ip and host has been no help. There has never been a referrer. > Any ideas?
Those are basically break-in attempts coming from - more than likely - compromised machines doing the bidding of hackers. If you can't determine/report the host in question, then just ignore it. -- ,-/- __ _ _ $Bill Luebkert ICQ=14439852 (_/ / ) // // DBE Collectibles Mailto:[EMAIL PROTECTED] / ) /--< o // // http://dbecoll.tripod.com/ (Free site for Perl) -/-' /___/_<_</_</_ Castle of Medieval Myth & Magic http://www.todbe.com/ _______________________________________________ Perl-Win32-Users mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
