|
08-02-2004, 05:11 AM | #1 |
Head Mole
Join Date: May 2003
Posts: 2,539
|
Another lame attack
At least this one fakes IPs and sets the referrer to look like it comes from your site...
68.82.95.53 - - [02/Aug/2004:04:53:35 -0700] "POST /email.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-" 66.231.210.185 - - [02/Aug/2004:04:53:36 -0700] "POST /cgi-bin/formmail.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-" 207.10.191.2 - - [02/Aug/2004:04:53:53 -0700] "POST /cgi-bin/contact.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-" 66.103.44.115 - - [02/Aug/2004:04:53:54 -0700] "POST /cgi-bin/mailform.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-" 194.63.235.147 - - [02/Aug/2004:04:53:55 -0700] "POST /cgi-bin/formmail.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-" 148.244.143.4 - - [02/Aug/2004:04:53:59 -0700] "POST /cgi-bin/FormMail.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-" 141.225.100.168 - - [02/Aug/2004:04:54:04 -0700] "POST /mail.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-" 196.40.74.60 - - [02/Aug/2004:04:54:05 -0700] "POST /cgi-bin/fmail.pl HTTP/1.1" 403 0 "http://phpdig.net/" "-" 200.48.235.19 - - [02/Aug/2004:04:54:06 -0700] "POST /cgi-bin/form.cgi HTTP/1.1" 403 0 "http://phpdig.net/" "-" 65.115.15.44 - - [02/Aug/2004:04:54:07 -0700] "POST /cgi-bin/contact.pl HTTP/1.1" 403 0 "http://phpdig.net/" "-" 151.148.132.119 - - [02/Aug/2004:04:54:07 -0700] "POST /cgi/formmail HTTP/1.0" 403 0 "http://phpdig.net/" "-" 200.48.218.179 - - [02/Aug/2004:04:54:08 -0700] "POST /cgi-bin/mail.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-" 81.208.58.202 - - [02/Aug/2004:04:54:10 -0700] "POST /cgi-bin/contact.cgi HTTP/1.1" 403 0 "http://phpdig.net/" "-" 200.66.98.39 - - [02/Aug/2004:04:54:11 -0700] "POST /formmail.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-" 82.146.48.160 - - [02/Aug/2004:04:54:11 -0700] "POST /cgi-bin/feedback.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-" 62.131.121.54 - - [02/Aug/2004:04:54:13 -0700] "POST /contact.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-" 68.42.158.24 - - [02/Aug/2004:04:54:53 -0700] "POST /form-bin/deliver HTTP/1.0" 403 0 "http://phpdig.net/" "-" 193.255.207.253 - - [02/Aug/2004:04:55:02 -0700] "POST /cgi-bin/cgiemail/contact.txt HTTP/1.0" 403 0 "http://phpdig.net/" "-" 66.103.44.115 - - [02/Aug/2004:04:55:03 -0700] "POST /cgi-bin/form.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-" 82.201.185.18 - - [02/Aug/2004:04:55:06 -0700] "POST /cgi-bin/mailform.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-" 207.232.252.3 - - [02/Aug/2004:04:55:07 -0700] "POST /cgi-bin/feedback.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-" 62.135.85.218 - - [02/Aug/2004:04:55:10 -0700] "POST /cgi-bin/mail.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-" 200.48.218.179 - - [02/Aug/2004:04:55:10 -0700] "POST /cgi-bin/sender.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-" 141.154.195.77 - - [02/Aug/2004:04:55:11 -0700] "POST /cgi-bin/mailer/mailer.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-" 62.139.1.3 - - [02/Aug/2004:04:55:13 -0700] "POST /cgi-bin/ezformml.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-" 207.68.98.5 - - [02/Aug/2004:04:55:14 -0700] "POST /cgi-bin/email.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-" 151.148.132.150 - - [02/Aug/2004:04:55:16 -0700] "POST /cgi-bin/formmail HTTP/1.0" 403 0 "http://phpdig.net/" "-" 80.55.225.242 - - [02/Aug/2004:04:55:28 -0700] "POST /cgi-bin/npl_mailer.cgi HTTP/1.1" 403 0 "http://phpdig.net/" "-" 12.20.135.11 - - [02/Aug/2004:04:55:30 -0700] "POST /cgi-bin/FormMail.cgi HTTP/1.1" 403 0 "http://phpdig.net/" "-" 66.177.75.163 - - [02/Aug/2004:04:55:31 -0700] "POST /cgi-bin/email.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-" Gotta luv it!
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension. |
08-02-2004, 04:07 PM | #2 |
Green Mole
Join Date: Jun 2004
Posts: 2
|
I've been getting similar hits recently, but I don't know how to stop it since the IP address is always changing. Is there a way?
__________________
Biff's Lyrics Archive |
08-02-2004, 08:55 PM | #3 |
Head Mole
Join Date: May 2003
Posts: 2,539
|
Hi. One way, if you are using Apache, is to mod_rewrite block on REQUEST_URI and/or HTTP_USER_AGENT.
__________________
Responses are offered on a voluntary if/as time is available basis, no guarantees. Double posting or bumping threads will not get your question answered any faster. No support via PM or email, responses not guaranteed. Thank you for your comprehension. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Maybe it was hacker`s attack? | Anton | Troubleshooting | 0 | 12-08-2005 09:01 PM |