[Gllug] More coordinated attacks

Sat Jul 17 11:20:38 UTC 2004

looks like someone is trying to see if you have any buggy formmail cgi scripts
that can be used to send spam,

had this a while ago, try submitting the ips to one of the open realy black
hole lists, like rbhl.org (i think) or spamcop, chances are these are running
open relays aswell

Ian

On Sat, Jul 17, 2004 at 10:35:48AM +0100, Richard Jones wrote:
> 
> I think I've asked about this before.  I've just observed another
> coordinated attack, the biggest ever.  Notice there are about 10
> completely separate IPs, but the attacks are close in time.
> 
> This surely indicates some script kiddie actually directing a load of
> zombie machines to attack the site?  Or is this a centrally
> controlled, but automated attack?
> 
> Rich.
> 
> [Sat Jul 17 10:12:34 2004] [error] [client 195.235.81.93] script not found or unable to stat: /usr/lib/cgi-bin/form_processor.pl
> [Sat Jul 17 10:12:40 2004] [error] [client 64.14.144.85] script not found or unable to stat: /usr/lib/cgi-bin/form_processor.pl
> [Sat Jul 17 10:12:50 2004] [error] [client 200.176.2.40] script not found or unable to stat: /usr/lib/cgi-bin/formmail.pl
> [Sat Jul 17 10:12:52 2004] [error] [client 141.154.195.77] script not found or unable to stat: /usr/lib/cgi-bin/contact.cgi
> [Sat Jul 17 10:12:55 2004] [error] [client 216.128.69.140] script not found or unable to stat: /usr/lib/cgi-bin/mailform.pl
> [Sat Jul 17 10:12:56 2004] [error] [client 200.48.218.179] script not found or unable to stat: /usr/lib/cgi-bin/formmail.cgi
> [Sat Jul 17 10:13:03 2004] [error] [client 64.14.144.85] script not found or unable to stat: /usr/lib/cgi-bin/formmail.pl
> [Sat Jul 17 10:13:11 2004] [error] [client 12.220.197.15] script not found or unable to stat: /usr/lib/cgi-bin/FormMail.pl
> [Sat Jul 17 10:13:19 2004] [error] [client 141.158.65.245] File does not exist: /home/rich/websites/j-london.com/mail.cgi
> [Sat Jul 17 10:13:19 2004] [error] [client 141.158.65.245] script not found or unable to stat: /usr/lib/cgi-bin/fmail.pl
> [Sat Jul 17 10:13:32 2004] [error] [client 12.220.197.15] script not found or unable to stat: /usr/lib/cgi-bin/form.cgi
> [Sat Jul 17 10:13:36 2004] [error] [client 63.160.254.40] script not found or unable to stat: /usr/lib/cgi-bin/contact.pl
> [Sat Jul 17 10:13:37 2004] [error] [client 212.239.72.14] File does not exist: /home/rich/websites/j-london.com/cgi/formmail
> [Sat Jul 17 10:13:42 2004] [error] [client 194.30.221.62] script not found or unable to stat: /usr/lib/cgi-bin/mail.cgi
> 
> -- 
> Richard Jones. http://www.annexia.org/ http://www.j-london.com/
> Merjis Ltd. http://www.merjis.com/ - improving website return on investment
> http://www.winwinsales.co.uk/ - CRM improvement consultancy
> -- 
> Gllug mailing list  -  Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug

-- 
/* www.darkspace.org.uk {
 web development, application development, consultancy, firewalls 
 */
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug