[Gllug] Is this spam or a cracking attempt (or what ...)?

Richard Jones rich at annexia.org
Mon Dec 22 17:07:38 UTC 2003


I've got a hand-crafted feedback form script on my site.  Just now I've
received four odd-looking emails, but I have no idea if they're spam or
a cracking attempt or what really.

As you can see from below, it's fairly obviously a script (short
time-frame, no referer header), but from 3 different IP addresses!

142.179.185.241 - - [22/Dec/2003:16:35:46 +0000] "POST /cgi-bin/send_feedback.pl HTTP/1.0" 200 281 "http://www.merjis.com/" "-"
148.223.118.194 - - [22/Dec/2003:16:35:58 +0000] "POST /cgi-bin/send_feedback.pl HTTP/1.0" 200 281 "http://www.merjis.com/" "-"
80.58.4.111 - - [22/Dec/2003:16:37:33 +0000] "POST /cgi-bin/send_feedback.pl HTTP/1.0" 200 281 "http://www.merjis.com/" "-"
142.179.185.241 - - [22/Dec/2003:16:37:49 +0000] "POST /cgi-bin/send_feedback.pl HTTP/1.0" 200 281 "http://www.merjis.com/" "-"

The message I receive is even stranger.

The full headers and body as seen are below, except that I've
disguised some email addresses to stop getting even more spam than I
already do ... Notice the odd 'From:' header.

----------------------------------------------------------------------
>From rich--- at annexia.org Mon Dec 22 16:37:49 2003
Received: from rich by aomori.annexia.org with local (Exim 3.36 #1 (Debian))
        id 1AYT41-00051F-00
        for <info--- at merjis.com>; Mon, 22 Dec 2003 16:37:49 +0000
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: spaininpain at aol.com To:  spaininpain at aol.com From:
        spaininpain at aol.com Subject:
        "17AFDA6E,from" <0KiJQdIySfcm4GCMOWORjJeAXE0.>
Subject: Merjis.com feedback form submission
To: info--- at merjis.com
Message-Id: <E1AYT41-00051F-00 at aomori.annexia.org>
Sender: Richard Jones <rich--- at annexia.org>
Date: Mon, 22 Dec 2003 16:37:49 +0000

body
----------------------------------------------------------------------

Ideas anyone?

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - improving website return on investment
"One serious obstacle to the adoption of good programming languages is
the notion that everything has to be sacrificed for speed. In computer
languages as in life, speed kills." -- Mike Vanier
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
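
The folded 'From:' header quoted above carries further 'To:', 'From:' and 'Subject:' field names inside its value. The following is an added example, not part of the original post and not the feedback script's code: it flags such headers in a stored message and rejects form values containing line breaks before they are placed in a mail header. The function names are hypothetical, the sample message is constructed from the headers quoted above, and it is an assumption that the form's sender field is copied into the 'From:' header (the post does not show the script).

```python
import re
from email import message_from_string

# Field names that should not appear inside another header's value.
# Heuristic: a legitimate Subject such as "Re: To: do list" would also match.
EMBEDDED_FIELD = re.compile(
    r"(?:^|\s)(From|To|Cc|Bcc|Subject|Content-Type):", re.IGNORECASE)


def is_safe_header_value(value: str) -> bool:
    """True if a form value may go into a mail header: no CR, LF or NUL."""
    return re.search(r"[\r\n\0]", value) is None


def find_embedded_fields(raw_message: str):
    """Return [(header name, [embedded field names])] for suspicious headers."""
    msg = message_from_string(raw_message)
    findings = []
    for name, value in msg.items():
        # Undo RFC 2822 folding so a field name split across lines is seen.
        unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
        hits = EMBEDDED_FIELD.findall(unfolded)
        if hits:
            findings.append((name, hits))
    return findings


# Constructed sample: the relevant headers from the message quoted above,
# with the addresses disguised the same way as in the post.
SAMPLE = (
    "From: spaininpain at aol.com To:  spaininpain at aol.com From:\n"
    "        spaininpain at aol.com Subject:\n"
    "        \"17AFDA6E,from\" <0KiJQdIySfcm4GCMOWORjJeAXE0.>\n"
    "Subject: Merjis.com feedback form submission\n"
    "To: info--- at merjis.com\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for header, fields in find_embedded_fields(SAMPLE):
        print(f"{header}: value contains embedded fields {fields}")
    # A form handler would run this check on every value before building
    # headers and refuse the submission when it fails.
    print(is_safe_header_value("someone at example.org"))
```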



