Hello, I was just looking at my access.log and came across the below…
note where the aliases say ‘loser’ I changed it to that.
“GET /email@example.com&subject=http://www.twotuxcats.com/cgi-bin/formmail.cgi&body=JupZfirstname.lastname@example.org HTTP/1.1” 404 2502 “-” “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)”
My question is…what the heck is this about?? I had 8 of these today. It happened 2 different times today. Both of the times it called for the files 4 times at the exact same time. I hope that made sense Anyways, where the @aol.com address is, they are all different @aol.com addresses. I also had in my error log, 8 errors for either formmail.cgi or formmail.pl. All of this was done by the same IP which is 18.104.22.168. Oh and if it matters, I don’t have a cgi-bin or a cgi-local directory which someone is looking for these files in.
Can anyone explain what this is about? It just doesn’t seem right to me. Should I block the IP? Any ideas? Thanks!!
I just checked the IP number and it’s Earthlink. So banning it isn’t an option since that’s who my ISP is. I would be blocked also, right?