HTTP scanning for CGI-based mail relays.

From: measlat_private
Date: Wed Jul 18 2001 - 06:17:03 PDT


    Greetings.
    
    	Below is an excerpt from one of our http server logs.  Rather
    cute, ya?  Just for the record, the skr1pt k1dd1e
    ("truzoomat_private") doing the scanning is still online with AOL, even
    though (a) AOL was sent copies of email from this kid acknowledging the
    scans were his/hers; (b) AOL received copies of the full logs; (c) AOL
    sent us their standard boilerplate "Thanks for reporting this, we have
    dealt with it according to our AUP".
    
    -- 
    Yours, 
    J.A. Terranson
    sysadminat_private
    
    ==========================================================================
    lsanca1-ar9-189-190.lsanca1.dsl.gtei.net - - [17/Jul/2001:22:45:56 -0500]
    "GET /cgi-bin/formmail.cgi?email=eroticascannerat_private&recipient=
    truzoomat_private&subject=www.mfn.org/cgi-bin/formmail.cgi&msg=Hiya
    HTTP/1.0" 404 282 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
    
    
    
    ----------------------------------------------------------------------------
    
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
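
Added example, not part of the original post or of any tool it mentions: a small filter that picks requests like the one in the excerpt above (a GET to a formmail CGI carrying a recipient parameter) out of an Apache combined-format log. The sample log lines, the local-domain set and the formmail.pl script name are assumptions made for the illustration.

```python
import re
from posixpath import basename
from urllib.parse import parse_qs, urlsplit

# Apache combined log format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*?) HTTP/\d\.\d" (?P<status>\d{3}) '
)

# formmail.cgi is the name in the log excerpt; formmail.pl is an assumption
# (another name the FormMail script is commonly installed under).
SCRIPTS = {"formmail.cgi", "formmail.pl"}

def find_relay_probes(lines, local_domains):
    """Return one dict per request that hands a formmail script a recipient."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if basename(url.path).lower() not in SCRIPTS:
            continue
        # Only query-string parameters are logged; a POST body is not visible here.
        recipients = parse_qs(url.query).get("recipient", [])
        if not recipients:
            continue
        # A recipient outside our own domains means the form is being used as a relay.
        external = any(r.rpartition("@")[2].lower() not in local_domains
                       for r in recipients)
        hits.append({
            "host": m["host"],
            "time": m["time"],
            "recipients": recipients,
            "external": external,
            # 404: script absent, probe failed. 2xx: script answered, check mail logs.
            "script_present": m["status"].startswith("2"),
        })
    return hits

# Constructed sample lines (documentation addresses, not taken from the post).
SAMPLE = [
    '192.0.2.10 - - [17/Jul/2001:22:45:56 -0500] "GET /cgi-bin/formmail.cgi?email=a@example.net&recipient=probe@example.net&subject=www.example.org/cgi-bin/formmail.cgi&msg=Hiya HTTP/1.0" 404 282 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [18/Jul/2001:09:02:11 -0500] "GET /cgi-bin/formmail.pl?recipient=webmaster@example.org&msg=hello HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [18/Jul/2001:09:02:15 -0500] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for hit in find_relay_probes(SAMPLE, {"example.org"}):
        print(hit)
```

A hit with external set and script_present set is the case to follow up in the mail server's own logs, since the web log alone does not show whether a message was sent.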
    


