l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 20: Web Application Hacking: How to Make and Break Security on the Web
Next Installfest:
TBD
Latest News:
Oct. 10: LUGOD Installfests coming again soon
Page last updated:
2001 Dec 30 17:07

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox-tech] wtf?!? heads up on doorknob twisting
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox-tech] wtf?!? heads up on doorknob twisting



so i'm editing the apache error file, trying to iron out a few bugs in a perl
cgi.   what i like to do is try to fix the problem, place a

==========

at the end of the file, and retry.  this makes it easier to see what errors
remain, so i don't confuse the previous errors with the current errors.  i go
to write the file and see the message


	file has changed since last reading.  still write file (y/n)?


i quit without saving, and re-edit the file.  here's what i'm staring at:

[Sat Jul 28 08:23:02 2001] [error] [client 66.74.250.139] script not found or
	unable to stat: /usr/lib/cgi-bin/formmail.pl
[Sat Jul 28 08:23:02 2001] [error] [client 66.74.250.139] script not found or
	unable to stat: /usr/lib/cgi-bin/formmail.cgi

now this looks fishy.  in fact, i find:

[Fri Jul 27 07:38:09 2001] [error] [client 172.149.146.140] script not found or unable to stat: /usr/lib/cgi-bin/formmail.cgi
[Fri Jul 27 07:38:12 2001] [error] [client 172.149.146.140] script not found or unable to stat: /usr/lib/cgi-bin/formmail.pl
[Fri Jul 27 12:46:24 2001] [error] [client 209.9.133.3] script not found or unable to stat: /usr/lib/cgi-bin/formmail.pl
[Fri Jul 27 18:58:57 2001] [error] [client 24.21.118.170] File does not exist: /www/cgi-local/formmail.cgi
[Sat Jul 28 08:23:02 2001] [error] [client 66.74.250.139] script not found or unable to stat: /usr/lib/cgi-bin/formmail.pl
[Sat Jul 28 08:23:02 2001] [error] [client 66.74.250.139] script not found or unable to stat: /usr/lib/cgi-bin/formmail.cgi

seems like this is a popular script.  i've never heard of it.  after googling,
i've found that this is a script that people can exploit to send spam.

i just wanted other people to be aware of this.  formmail dne on my machine.
it could be on other peoples' machines.

pete

-- 
"The following addresses had permanent fatal errors..."      p@dirac.org
                               -- Mailer Daemon              www.dirac.org/p


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
EDGE Tech Corp.
For donating some give-aways for our meetings.