Attempt at cgi mail exploit
Ted Roche
tedroche at tedroche.com
Wed Aug 31 21:55:00 EDT 2005
An attempt to exploit a cgi-email script at
http://www.tedroche.com/contact.html was made from a computer located at
213.112.195.100 according to the logs:

213.112.195.100 - - [31/Aug/2005:17:05:29 -0400] "POST /cgi-bin/gypsymail.py/traacontact.txt/traaemail.txt HTTP/1.1" 200 674 "http://www.tedroche.com/" "-"

My question: how likely is it that the IP address in my Apache logs
is correct? I'd like to report the abuse to the ISP, but there is no
point if it is spoofed.

FYI, the script was attempting to generate an email resembling the
following. Note that the aol.com address can be found in thousands of
attempts if you search Google. That particular page is coded to send
to me only, so I don't believe they were successful. Clever little
devils, eh?
wpappvg at tedroche.com
Content-Type: multipart/mixed; boundary="===============2097271380=="
MIME-Version: 1.0
Subject: e2d198bc
To: wpappvg at tedroche.com
bcc: mhkoch321 at aol.com
From: wpappvg at tedroche.com
This is a multi-part message in MIME format.
--===============2097271380==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
efejut
--===============2097271380==--
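
An added example, not part of the original post and not gypsymail.py's own code: a form-to-mail handler can refuse submissions like the one quoted above by rejecting CR/LF in any field that is copied into a mail header and by never taking the recipient from the form. The field names, the recipient address and the sample value are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Assumptions (not from the post): recipient address and form field names.
FIXED_RECIPIENT = "webmaster@example.org"
HEADER_FIELDS = ("email", "subject")

# Header names that a payload like the one quoted above tries to smuggle in.
HEADER_LINE = re.compile(
    r"\s*(to|cc|bcc|from|subject|content-type|mime-version)\s*:", re.I)

# Constructed sample, modelled on the shape of the quoted attempt.
SAMPLE_EMAIL_FIELD = (
    "sender@example.org\n"
    'Content-Type: multipart/mixed; boundary="x"\n'
    "MIME-Version: 1.0\n"
    "Subject: test\n"
    "bcc: third-party@example.net\n"
)

def injection_findings(field_name, value):
    """List the reasons a form value is unsafe to copy into a mail header."""
    findings = []
    if "\r" in value or "\n" in value:
        findings.append(f"{field_name}: contains CR/LF")
    # Any line after the first that looks like a header is a smuggled header.
    for line in re.split(r"\r\n|\r|\n", value)[1:]:
        match = HEADER_LINE.match(line)
        if match:
            findings.append(f"{field_name}: smuggled header {match.group(1).lower()}")
    return findings

def build_message(form):
    """Build the outgoing mail, refusing any header-bound field that is not clean."""
    problems = []
    for name in HEADER_FIELDS:
        problems += injection_findings(name, form.get(name, ""))
    if problems:
        raise ValueError("; ".join(problems))
    msg = EmailMessage()
    msg["To"] = FIXED_RECIPIENT          # recipient never comes from the form
    msg["From"] = FIXED_RECIPIENT
    msg["Reply-To"] = form["email"]      # visitor address is kept out of To/From
    msg["Subject"] = form["subject"]
    msg.set_content(form.get("body", ""))
    return msg

if __name__ == "__main__":
    print(injection_findings("email", SAMPLE_EMAIL_FIELD))
```

Logging the findings next to the client address gives the handler its own record of rejected attempts, separate from the Apache access log.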