Security Incidents mailing list archives
Re: formmail
From: Ryan Russell <ryan () securityfocus com>
Date: Sun, 2 Sep 2001 14:44:58 -0600 (MDT)
On 1 Sep 2001, Soeren Ziehe wrote:
There was an attempt to use a formmail perl script installed on our server from a non-local address. A quick grep trough our weblogs for this month and back to the beginning of this year revealed a ton of requests for the 20th this month and a few requests on the 11th, 23th, 27th and 29th.
<SNIP>
IF you've stayed with me until here. Has anyone seen the same access attempts patterns/tool signatures?
Yes, it's been on-and-off our top 5 for some time now: http://aris.securityfocus.com/ Ryan ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- formmail Soeren Ziehe (Sep 02)
- Re: formmail Jay D. Dyson (Sep 02)
- Re: formmail dewt (Sep 02)
- Re: formmail Ryan Russell (Sep 03)