Where


When

Who

< QOTD | Main | A Snapshot of Music >

June 5, 2002

Web Security

So, looking through my logs I keep seeing people probing for this one cgi script called formmail.pl. What's great about these probes is that they give me all their information.:

64.108.203.174 - - [04/Jun/2002:15:16:24 -0400] "GET /cgi-bin/formmail.pl?email=lafam&subject=www%2Eezoons%2Ecom%2Fcgi%2Dbin

%2Fformmail%2Epl&recipient=isyndr0i%40aol%2Ecom&msg=Formmail_Found! HTTP/1.1Content-Type: application/x-www-form-urlencoded" 404 2050 "-" "Gozilla/4.0 (compatible; MSIE 5.5; windows 2000)"

So, if I really wanted I could send them back some email. I was wondering if this constitutes 'abuse', because I could then email their isp (in this case AOL). Either that or I could start signing them up for lots of mailing lists or for lots of spam.

Posted by snooze at June 5, 2002 12:31 PM