Re: formmail.pl

To: Stefaan Teerlinck <stefaan@itecom.be>
Cc: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: formmail.pl
From: Mike Barushok <mikehome@kcisp.net>
Date: Mon, 3 Feb 2003 00:52:43 -0600 (CST)
Message-id: <[🔎] Pine.LNX.4.21.0302030042480.13277-100000@kcisp2>
In-reply-to: <[🔎] auto-000001681612@itecom.be>

something along the lines of:
  grep -r "formmail.pl" /var/log/apache/access/*.log | less

will show the attempts on all the [domain_name].log files if they
are in /var/log/apache/access/


  grep -r "formmail.pl" /var/log/apache/access/*.log | grep -v 40 | less

will filter out those that are 40X errors. 


  grep -r "formmail.pl" /var/log/apache/access/*.log | grep -v 40 | grep -v 30 | less

will additionally filter out those attempts blocked by 'deny'
rules in your http.conf

Hope this helps.

Also, you might want to do something like:
  find /home/ -name formmail -ls
to find all formmail.pl, formmail.cgi, formmail.php3 etc files


On Mon, 3 Feb 2003, Stefaan Teerlinck wrote:

> Hi,
> 
> I have a server with a lot of name-based virtual hosts. On one of those
> sites the formmail.pl script is being abused, a client is using an
> unsecure script. How can I find out on what site this is?
> 
> Thanks,
> Stefaan.
> 
>

Reply to:

References:
- formmail.pl
  - From: "Stefaan Teerlinck" <stefaan@itecom.be>

Prev by Date: formmail.pl
Next by Date: RE: formmail.pl
Previous by thread: formmail.pl
Next by thread: Re: formmail.pl
Index(es):
- Date
- Thread