Hack Attack
Here’s another interesting observation caught by checking the visitor logs for the site I run. Over at xpat.org, there were 43 hits on the site over the span of five minutes. Each hit came from a different IP address, but they had a common cause: to try to find an automated email generation program on my site, so they could hijack it and send out thousands of spam messages from it.
Clearly they were all coming from the same source, but just as clearly the IP addresses were being faked, or “spoofed,” in order to hide who was really doing this.
Here’s the list of addresses they attempted to access–all failed, because I don’t have a form mail script on that site:
/cgi-bin/email.pl
/cgi-bin/FormMail.pl
/cgi-bin/formtomail.pl
/cgi/FormMail.pl
/cgi-bin/ezformml.cgi
/cgi-bin/af.pl
/cgi/contact.cgi
/cgi-bin/form.cgi
/cgi-bin/mailto
/cgi-bin/mailer/mailer.cgi
/mail.cgi
/form-bin/deliver
/cgi-bin/contactus.cgi
/cgi-bin/referral.cgi
/cgi-bin/email.cgi
/cgi-bin/mail.pl
/cgi-bin/cgiemail/contact.txt
/cgi-bin/tellafriend.pl
/cgi-bin/mailto.pl
/cgi-bin/mail.pl
/cgi-bin/mailer.cgi
/cgi-bin/FormMail.cgi
/cgi-bin/tell/tell.cgi
/cgi-bin/mailer.pl
/cgi-bin/formmail.pl
/cgi-bin/sender.pl
/cgi-bin/feedback.pl
/cgi-bin/cgiemail/mailtemp.txt
/cgi/formmail
/formmail.cgi
/formmail/formmail.cgi
/contact.cgi
/cgi-bin/BFormMail.pl
/cgi-bin/npl_mailer.cgi
/cgi-bin/contact.cgi
/cgi-bin/mailform.cgi
/cgi-bin/mail.cgi
/email.cgi
/cgi-bin/asomail.cgi
/cgi-bin/chfeedback.pl
/cgi-bin/mailform.pl
/cgi-bin/tellafriend.cgi
/cgi-bin/formmail.cgi
These are, presumably, the common names for email generation scripts. Now just imagine that attack being levied against thousands of machines over the course of a day, and you can imagine that they probably found a large number of the scripts, and are now gleefully hacking into them and sending millions of spam messages through them. Just a tiny peek into the world of spamming.
One positive point–they seem to depend on the form mail script being named the same thing–which means that if you give the script a random name they won’t find it.
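A per-IP rate limit would not flag a sweep like the one described above, because every hit came from a different address; correlating 404s for mailer-style script names across all clients inside a five-minute window does. The following is an added example, not part of the original post: the log lines, date and IPs are constructed, and the regexes, thresholds and function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Common Log Format: ip - - [time] "METHOD path proto" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3}) ')
# Assumed pattern: mailer-style script names like those in the list above
PROBE = re.compile(
    r"^/(?:(?:cgi|cgi-bin|form-bin|formmail)/)?(?:[\w-]+/)?"
    r"[\w-]*(?:mail|form|contact|feedback|tell|deliver|sender|referral)[\w-]*"
    r"(?:\.(?:pl|cgi|txt))?$", re.I)

def parse(lines):
    """Yield (time, ip, path) for 404 responses to mailer-like paths."""
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in Common Log Format
        ip, ts, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore any query string
        if status == "404" and PROBE.match(path):
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip, path

def find_sweeps(lines, window=timedelta(minutes=5), min_ips=5, min_paths=5):
    """Return (start, end, n_ips, n_paths) for each burst spread over many IPs."""
    hits = sorted(parse(lines))
    sweeps, i = [], 0
    while i < len(hits):
        j = i
        while j < len(hits) and hits[j][0] - hits[i][0] <= window:
            j += 1
        burst = hits[i:j]
        ips = {h[1] for h in burst}
        paths = {h[2] for h in burst}
        if len(ips) >= min_ips and len(paths) >= min_paths:
            sweeps.append((burst[0][0], burst[-1][0], len(ips), len(paths)))
            i = j  # continue after this burst
        else:
            i += 1
    return sweeps

# Constructed sample: six probes from six documentation-range IPs, plus normal traffic
PATHS = ["/cgi-bin/FormMail.pl", "/cgi-bin/mailto.pl", "/cgi/contact.cgi",
         "/form-bin/deliver", "/formmail.cgi", "/cgi-bin/cgiemail/contact.txt"]
SAMPLE = [f'203.0.113.{n+1} - - [12/Mar/2005:04:10:{n*7:02d} +0000] "GET {p} HTTP/1.0" 404 210'
          for n, p in enumerate(PATHS)]
SAMPLE += ['198.51.100.7 - - [12/Mar/2005:04:11:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
           '198.51.100.7 - - [12/Mar/2005:09:30:00 +0000] "GET /cgi-bin/mail.pl HTTP/1.1" 404 210']

if __name__ == "__main__":
    print(find_sweeps(SAMPLE))
```

The lone 404 for `/cgi-bin/mail.pl` hours later is not reported, since one client hitting one path does not meet either threshold.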

Exactly the same thing happened to one of my sites on the same date. Fortunately, I don’t run a mailer . . .