Security Incidents mailing list archives

Http scanning for cgi based mail-relays.


From: <measl () mfn org>
Date: Wed, 18 Jul 2001 08:17:03 -0500 (CDT)


Greetings.

        Below is an excerpt from one of our http server logs.  Rather
cute, ya?  Just for the record, the skr1pt k1dd1e
("truzoom () aol com") doing the scanning is still online with AOL, even
though (a) AOL was sent copies of email from this kid acknowledging the
scans were his/hers; (b) AOL received copies of the full logs; (c) AOL
sent us their standard boilerplate "Thanks for reporting this, we have
dealt with it according to our AUP".

-- 
Yours, 
J.A. Terranson
sysadmin () mfn org

==========================================================================
lsanca1-ar9-189-190.lsanca1.dsl.gtei.net - - [17/Jul/2001:22:45:56 -0500]
"GET /cgi-bin/formmail.cgi?email=eroticascanner () aol com&recipient=
truzoom () aol com&subject=www.mfn.org/cgi-bin/formmail.cgi&msg=Hiya
HTTP/1.0" 404 282 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"



----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com
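
A way to pull probes like the one logged above out of an access log, as an added example that is not part of the original post. The function name, the script-name list, the local domain and the sample lines (documentation addresses and example.* domains) are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache combined log format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Assumed list of form-to-mail script names; extend it for your own site.
MAILER_RE = re.compile(r'/(formmail|form-mail|mailform)(\.(cgi|pl))?$', re.I)

# Constructed sample lines, modelled on the excerpt in the post.
SAMPLE = [
    '192.0.2.10 - - [17/Jul/2001:22:45:56 -0500] "GET /cgi-bin/formmail.cgi?email=a@example.net&recipient=collector@example.net&subject=www.example.org/cgi-bin/formmail.cgi&msg=Hiya HTTP/1.0" 404 282 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"',
    '192.0.2.11 - - [17/Jul/2001:22:50:01 -0500] "GET /cgi-bin/formmail.pl?recipient=webmaster@example.org&subject=feedback HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '192.0.2.12 - - [17/Jul/2001:22:51:13 -0500] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"',
]

def find_relay_probes(lines, local_domains):
    """Return one dict per request that hands a form-mail CGI an off-site recipient."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m["target"])
        if not MAILER_RE.search(url.path):
            continue  # not a form-mail script
        params = parse_qs(url.query)  # also decodes %40 and friends
        recipients = [r.strip().lower()
                      for value in params.get("recipient", [])
                      for r in value.split(",") if r.strip()]
        # Anything whose domain part is not ours is a relay attempt.
        external = [r for r in recipients
                    if r.rpartition("@")[2] not in local_domains]
        if external:
            hits.append({
                "source": m["host"],
                "time": m["time"],
                "script": url.path,
                "external_recipients": external,
                # A 2xx status means the script exists and ran: check the mail queue.
                "script_present": m["status"].startswith("2"),
            })
    return hits
```

Access logs record only the query string, so a probe sent as a POST body will not show its recipient here and needs to be caught at the script or mail-server level.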

