spambot or spybot running wild searches

[vivekar]

For the past few days, some spambots are trying to sneak into my website to harvest
email addresses.
They are searching for these files

--------------------------------------
/cgi-bin/form.cgi
/mail.cgi
/cgi-bin/FormMail.pl
/cgi-bin/formmail.cgi
/cgi-bin/mailform.pl
/cgi-bin/contact.cgi
/cgi-bin/formmail.pl
FormMail.cgi
cgi-bin/formmail.pl
cgi-bin/generic
/cgi-bin/formmail.pl
/cgi-bin/form_processor.pl
Formmail.pl
cgi-bin/contact.pl
/cgi-bin/form.cgi
cgi-bin/fmail.pl
/mail.cgi
/cgi-bin/FormMail.pl
/cgi-bin/formmail.cgi
/cgi-bin/mailform.pl
/cgi-bin/contact.cgi
/cgi-bin/formmail.pl
/cgi-bin/ezformml.cgi
-------------------------------------------------

Since I do not use these files because of the known security problems,
these searches generate 404.
UserAgent field is blank.
And they originate from different IP addresses..
for e.g.,
141.158.65.***
200.83.*.**
216.145.***
207.156.00.**
66.234.255.**
200.12.238.**
153.110.132**
195.53.31.**

I suspect that, this may be done by some backdoor programs ( adware, spyware, trojan...).

Anyone having this mess?

[mushroom]

My guesss is that it is a hacker scanning for vulnerable servers to hack into and the ip address you captured are also victims themselfs.
Suggest you report things of this nature to http://www.dshield.org/ the more info they have the more likely they can help put a stop to it. Also see http://isc.sans.org/

[vivekar]

I reported the problem to isc.sans.org

After a few searches in Google, I got these gems...


An attempt to execute formmail, which is a program with known vulnerabilities.

http://webgear.datacreek.net/tips/fmailspam.html

FormMail Can Send Spam, but You Can Prevent That

Similar post in WMW
http://www.webmasterworld.com/forum10/6076.htm