Security Incidents mailing list archives

Re: formmail

From: Ryan Russell <ryan () securityfocus com>
Date: Sun, 2 Sep 2001 14:44:58 -0600 (MDT)

On 1 Sep 2001, Soeren Ziehe wrote:


There was an attempt to use a formmail perl script installed on our
server from a non-local address.

A quick grep trough our weblogs for this month and back to the beginning
of this year revealed a ton of requests for the 20th this month and a
few requests on the 11th, 23th, 27th and 29th.

<SNIP>


IF you've stayed with me until here. Has anyone seen the same access
attempts patterns/tool signatures?


Yes, it's been on-and-off our top 5 for some time now:
http://aris.securityfocus.com/

                                        Ryan


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Current thread:

formmail Soeren Ziehe (Sep 02)
- Re: formmail Jay D. Dyson (Sep 02)
- Re: formmail dewt (Sep 02)
- Re: formmail Ryan Russell (Sep 03)