< Previous
Next >

: I'm spending my idle moments making my log analysis software slice and dice data in more interesting ways. One thing I just added was analysis of 404 errors. I've discovered that I'm getting a surprising number of 404s of the following strange form:

http://www.crummy.com/cgi-bin/formmail.pl?recipient=foo@bar.com&subject=http://www.crummy.com/cgi-bin/formmail.pl&email=baz@qux.com&=http://www.crummy.com/cgi-bin/formmail.pl

Now, I don't need this page to tell me someone's up to no good, started causing trouble 'round my neighborhood. There's a common CGI script called formmail.pl which lets you send mail through a web browser, and there are robots (the sinister Microsoft URL Control again) which scour the web looking for unprotected formmail.pls to use as spam relays.

My question is, is there anyone interested in getting the output of a script I would write, called formmail.pl, which grabs information about anyone who accesses it? I don't care enough to actually wreak my own revenge, but I'm happy to provide information to those who enjoy such things. John Ashcroft, are you listening?


[Main] [Edit]

Unless otherwise noted, all content licensed by Leonard Richardson
under a Creative Commons License.