hacking attempt on Apache?
Hi,
I got this in my logs:
12.135.225.155 - - [30/Jun/2004:13:41:07 +0200] "POST
/cgi-bin/formmail.pl HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 0
foo.bar
205.155.196.131 - - [30/Jun/2004:13:41:17 +0200] "POST
/cgi-bin/contact.cgi HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 0
foo.bar
209.181.61.81 - - [30/Jun/2004:13:41:21 +0200] "POST
/cgi-bin/mailform.pl HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 0
foo.bar
209.188.66.29 - - [30/Jun/2004:13:41:24 +0200] "POST
/cgi-bin/formmail.cgi HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 1
foo.bar
216.11.71.2 - - [30/Jun/2004:13:41:25 +0200] "POST
/cgi-bin/FormMail.pl HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 0
foo.bar
193.224.42.8 - - [30/Jun/2004:13:41:27 +0200] "POST /mail.cgi
HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 0 foo.bar
213.142.20.29 - - [30/Jun/2004:13:41:32 +0200] "POST /cgi-bin/fmail.pl
HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 0 foo.bar
205.160.241.50 - - [30/Jun/2004:13:41:35 +0200] "POST
/cgi-bin/form.cgi HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 0
foo.bar
67.69.34.194 - - [30/Jun/2004:13:41:37 +0200] "POST
/cgi-bin/contact.pl HTTP/1.1" 404 14523 "http://www.foo.bar/" "-" 1
foo.bar
212.55.154.69 - - [30/Jun/2004:13:41:43 +0200] "POST /cgi/formmail
HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 1 foo.bar
206.107.198.2 - - [30/Jun/2004:13:41:47 +0200] "POST /cgi-bin/mail.cgi
HTTP/1.1" 404 14523 "http://www.foo.bar/" "-" 1 foo.bar
67.98.236.153 - - [30/Jun/2004:13:41:49 +0200] "POST /formmail.pl
HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 0 foo.bar
195.77.24.14 - - [30/Jun/2004:13:41:51 +0200] "POST
/cgi-bin/feedback.cgi HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 0
foo.bar
209.235.241.82 - - [30/Jun/2004:13:41:53 +0200] "POST /contact.cgi
HTTP/1.1" 404 14523 "http://www.foo.bar/" "-" 1 foo.bar
209.2.108.2 - - [30/Jun/2004:13:41:58 +0200] "POST /form-bin/deliver
HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 0 foo.bar
80.16.106.83 - - [30/Jun/2004:13:41:59 +0200] "POST
/cgi-bin/cgiemail/contact.txt HTTP/1.0" 404 14523
"http://www.foo.bar/" "-" 0 foo.bar
207.44.198.13 - - [30/Jun/2004:13:42:04 +0200] "POST /cgi-bin/form.pl
HTTP/1.1" 404 14523 "http://www.foo.bar/" "-" 1 foo.bar
193.146.142.66 - - [30/Jun/2004:13:42:05 +0200] "POST
/cgi-bin/mailform.cgi HTTP/1.1" 404 14523 "http://www.foo.bar/" "-" 0
foo.bar
65.77.28.122 - - [30/Jun/2004:13:42:07 +0200] "POST
/cgi-bin/feedback.pl HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 0
foo.bar
64.56.118.178 - - [30/Jun/2004:13:42:09 +0200] "POST /cgi-bin/mail.pl
HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 0 foo.bar
207.68.98.5 - - [30/Jun/2004:13:42:11 +0200] "POST /cgi-bin/sender.pl
HTTP/1.0" 404 14523 "http://www.foo.bar/" "-" 1 foo.bar
12.104.198.106 - - [30/Jun/2004:13:42:12 +0200] "POST
/cgi-bin/mailer/mailer.cgi HTTP/1.0" 404 14523 "http://www.foo.bar/"
"-" 0 foo.bar
Apparently all from different IP's but certainly coordinated, because
it is on the same time, same kind of requests.
Anyone knows how this can be done? Is there any possibility to trace
who might have done this?
Best regards,
Pim Bliek
Reply to: