PDA

View Full Version : Another lame attack


Charter
08-02-2004, 04:11 AM
At least this one fakes IPs and sets the referrer to look like it comes from your site...

68.82.95.53 - - [02/Aug/2004:04:53:35 -0700] "POST /email.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-"

66.231.210.185 - - [02/Aug/2004:04:53:36 -0700] "POST /cgi-bin/formmail.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-"

207.10.191.2 - - [02/Aug/2004:04:53:53 -0700] "POST /cgi-bin/contact.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-"

66.103.44.115 - - [02/Aug/2004:04:53:54 -0700] "POST /cgi-bin/mailform.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-"

194.63.235.147 - - [02/Aug/2004:04:53:55 -0700] "POST /cgi-bin/formmail.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-"

148.244.143.4 - - [02/Aug/2004:04:53:59 -0700] "POST /cgi-bin/FormMail.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-"

141.225.100.168 - - [02/Aug/2004:04:54:04 -0700] "POST /mail.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-"

196.40.74.60 - - [02/Aug/2004:04:54:05 -0700] "POST /cgi-bin/fmail.pl HTTP/1.1" 403 0 "http://phpdig.net/" "-"

200.48.235.19 - - [02/Aug/2004:04:54:06 -0700] "POST /cgi-bin/form.cgi HTTP/1.1" 403 0 "http://phpdig.net/" "-"

65.115.15.44 - - [02/Aug/2004:04:54:07 -0700] "POST /cgi-bin/contact.pl HTTP/1.1" 403 0 "http://phpdig.net/" "-"

151.148.132.119 - - [02/Aug/2004:04:54:07 -0700] "POST /cgi/formmail HTTP/1.0" 403 0 "http://phpdig.net/" "-"

200.48.218.179 - - [02/Aug/2004:04:54:08 -0700] "POST /cgi-bin/mail.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-"

81.208.58.202 - - [02/Aug/2004:04:54:10 -0700] "POST /cgi-bin/contact.cgi HTTP/1.1" 403 0 "http://phpdig.net/" "-"

200.66.98.39 - - [02/Aug/2004:04:54:11 -0700] "POST /formmail.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-"

82.146.48.160 - - [02/Aug/2004:04:54:11 -0700] "POST /cgi-bin/feedback.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-"

62.131.121.54 - - [02/Aug/2004:04:54:13 -0700] "POST /contact.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-"

68.42.158.24 - - [02/Aug/2004:04:54:53 -0700] "POST /form-bin/deliver HTTP/1.0" 403 0 "http://phpdig.net/" "-"

193.255.207.253 - - [02/Aug/2004:04:55:02 -0700] "POST /cgi-bin/cgiemail/contact.txt HTTP/1.0" 403 0 "http://phpdig.net/" "-"

66.103.44.115 - - [02/Aug/2004:04:55:03 -0700] "POST /cgi-bin/form.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-"

82.201.185.18 - - [02/Aug/2004:04:55:06 -0700] "POST /cgi-bin/mailform.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-"

207.232.252.3 - - [02/Aug/2004:04:55:07 -0700] "POST /cgi-bin/feedback.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-"

62.135.85.218 - - [02/Aug/2004:04:55:10 -0700] "POST /cgi-bin/mail.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-"

200.48.218.179 - - [02/Aug/2004:04:55:10 -0700] "POST /cgi-bin/sender.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-"

141.154.195.77 - - [02/Aug/2004:04:55:11 -0700] "POST /cgi-bin/mailer/mailer.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-"

62.139.1.3 - - [02/Aug/2004:04:55:13 -0700] "POST /cgi-bin/ezformml.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-"

207.68.98.5 - - [02/Aug/2004:04:55:14 -0700] "POST /cgi-bin/email.cgi HTTP/1.0" 403 0 "http://phpdig.net/" "-"

151.148.132.150 - - [02/Aug/2004:04:55:16 -0700] "POST /cgi-bin/formmail HTTP/1.0" 403 0 "http://phpdig.net/" "-"

80.55.225.242 - - [02/Aug/2004:04:55:28 -0700] "POST /cgi-bin/npl_mailer.cgi HTTP/1.1" 403 0 "http://phpdig.net/" "-"

12.20.135.11 - - [02/Aug/2004:04:55:30 -0700] "POST /cgi-bin/FormMail.cgi HTTP/1.1" 403 0 "http://phpdig.net/" "-"

66.177.75.163 - - [02/Aug/2004:04:55:31 -0700] "POST /cgi-bin/email.pl HTTP/1.0" 403 0 "http://phpdig.net/" "-"

Gotta luv it! :love:

biff
08-02-2004, 03:07 PM
I've been getting similar hits recently, but I don't know how to stop it since the IP address is always changing. Is there a way?

Charter
08-02-2004, 07:55 PM
Hi. One way, if you are using Apache, is to mod_rewrite block on REQUEST_URI and/or HTTP_USER_AGENT.