in reply to Probed for formmail.pl

Since the more recent versions of formmail.pl are mostly useful to spammers looking to mask their identity, you might notify the ISP of origin. If they get enough complaints this will be one of a series of pulled accounts for the spammer. Other than that, the best thing to do is let this go to 404; why waste your time and bandwidth on trying to fight it? The only way to actually win such a fight would be to root their box and cause them misery-- but since that's illegal (even in self-defense) I strongly recommend against it. So here's what I'd do: submit a polite report to abuse@ISP.com and shrug it off-- I suppose I'd archive that portion of the logs, too. Just like I would for any other suspicious set of error messages.

Fighting it
by Kickstart (Pilgrim) on Nov 24, 2001 at 05:51 UTC
    Actually, you do good by reporting it to their ISP. Sure, he's not going to get busted for checking for vulnerabilities on websites...life isn't that easy. But...if you and 30 other people mention that this guy did this, the ISP is definitely going to take note of it, and maybe give the script kiddie (or his parents) a call to find out what's happening.

    On the other hand, if you do nothing, he'll get bored of it and either decide playing Half-Life is more fun, or start looking at scanners and rootkits. Personally, as a working sysadmin, I'd hope that people would give a little effort and scare him a little before he does something that's going to get him in serious trouble or even jail down the road. If you do nothing, nothing gets better. Complacency is the bane of security, both in securing your own systems and in making the net a better place to be.

    Kickstart