I checked my error_log of my perlmonk website the other day, and saw a most curious error.
script not found or unable to stat: /home/grinder/public_html/cgi-bin/formmail.pl
That, if I'm not mistaken, is the tell-tale signature of someone sniffing for one of Matt's broken scripts. I then went through the access_logs to find out just what went on.
GET /cgi-bin/formmail.pl?recipient=sexbuggyblue@aol.com,
&subject=patty?
&email=dice72934@aol.com
&=http://grinder.perlmonk.org/cgi-bin/formmail.pl
Curiouser and curiouser. Now, I know nothing of formmail.pl, but I do know RFCs 1945 and 2616, and to me the above URL looks simply incorrect. The two question marks (the second should be URI-encoded), the "&=", the comma following the email name. Whatever.
The referer (sic) agent is listed as Microsoft URL Control - 6.00.8862, but that doesn't mean much.
The IP address was logged too, of course. Some peanut on a dialup in Daytona Beach in Florida. But that's also neither here nor there.
My first reaction was to write a dummy formmail.pl (ugh, that extension) that simply pointed the person to davorg's nms project. But then I realised that this was some skript kiddie, who doesn't care about well written software, they want to exploit poorly written software, so there wasn't any point.
Now I'm toying with the idea of writing a honey-pot; a formmail.pl that appears to accept arguments, appears to send the mail, but doesn't actually do anything. But that's probably not ethically correct, because if the person gets pissed, they may just decide to trash jcwren's web-hosing service. Maybe on my own hardware perhaps.
So now I'm in a quandary. It's not, of course, something I'll lose sleep over, but I'm wondering, what would you do?
--In reply to Probed for formmail.pl by grinder
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |