Ahhhh I was wondering what that /cgi-bin/formmail.pl thing was that kept showing up. What is that exactly and what are they after, and should I be overly worried? A.
----- Original Message ----- From: "Daryl Banttari" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, April 15, 2002 10:36 AM Subject: Re: [KCFusion] OT: browser type > Probably a Java-based vulnerability scanner. If your site is linked a lot, > expect /many/ of these sorts of attempts every day. > > Things like: (a sample of the most popular vulnerability scans from my > logs) > /_vti_bin/_vti_aut/author.exe > /cgi-bin/formmail.pl > /msoffice/cltreq.asp > /_vti_bin/owssvr.dll > /cgi-bin/formmail.cgi > /cgi-local/formmail.pl > /cgi-local/formmail.cgi > /cgibin/formmail.cgi > /cgibin/formmail.pl > > And, of course, all of the usual CodeRed and CRII scans. (Which are blocked > by my firewall software and never make it into my logs.) > > --Daryl > > ----- Original Message ----- > From: "Keith Purtell" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, April 15, 2002 9:03 AM > Subject: RE: [KCFusion] OT: browser type > > > > Well, the page request came from an overseas IP address, and they were > > trying to access a page that might contain information about > administrators, > > so I was suspicious. Thanks for the info. > > > > Keith Purtell, Web/Network Administrator > > VantageMed Operations (Kansas City) > > Email: [EMAIL PROTECTED] > > > > CONFIDENTIALITY NOTICE: This email message, including any attachments, is > > for the sole use of the intended recipient(s) and may contain confidential > > and privileged information. Any unauthorized review, use, disclosure or > > distribution is prohibited. If you are not the intended recipient, please > > contact the sender by reply email and destroy all copies of the original > > message. > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > > Behalf Of Ryan Hartwich > > Sent: Monday, April 15, 2002 8:55 AM > > To: [EMAIL PROTECTED] > > Subject: RE: [KCFusion] OT: browser type > > > > > > Java 1.3.0 is one of the current standard versions of the java virtual > > machine. I believe the numbers are the same as what is installed by > > Netscape 6/6.2 and is or was one of the versions that Jrun and the betas > > of CF MX uses. You might be seeing another server trying to pull a page > > versus a browser, or just a funky Unix browser like Mozilla that is > > highly dependent on Java. > > > > Ryan > > > > > > > > > > > > ______________________________________________________________________ > > The KCFusion.org list and website is hosted by Humankind Systems, Inc. > > List Archives........ http://www.mail-archive.com/cf-list@kcfusion.org > > Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] > > To Subscribe.................... mailto:[EMAIL PROTECTED] > > To Unsubscribe................ mailto:[EMAIL PROTECTED] > > > > > > > > ______________________________________________________________________ > The KCFusion.org list and website is hosted by Humankind Systems, Inc. > List Archives........ http://www.mail-archive.com/cf-list@kcfusion.org > Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] > To Subscribe.................... mailto:[EMAIL PROTECTED] > To Unsubscribe................ mailto:[EMAIL PROTECTED] > ______________________________________________________________________ The KCFusion.org list and website is hosted by Humankind Systems, Inc. List Archives........ http://www.mail-archive.com/cf-list@kcfusion.org Questions, Comments or Glowing Praise.. mailto:[EMAIL PROTECTED] To Subscribe.................... mailto:[EMAIL PROTECTED] To Unsubscribe................ mailto:[EMAIL PROTECTED]