Where spam comes from, part 379

So maybe there aren’t as many open SMTP relays as there were a couple of years ago, but somehow spam thrives. To get their product out, some spam kings have evidently resorted to hijacking web email-contact pages, or so I’ve concluded from the contents of the jls.cx HTTP logs. Here’s some sample statistics for 404 (page not found) errors:

URL Error Hits
/cgi-bin/formmail.pl 42
/cgi-bin/contact.cgi 26
/cgi-bin/formmail.cgi 23

Straight from the log, here’s evidence of one of the more brain-dead attempts: - - [19/Aug/2004:12:58:53 -0600] "GET /cgi-bin/formmail.pl?email=rockstar@mail.com

Basically, somebody’s out there trolling for a web page that will automatically send email. In this case, the troller was dumb enough to use GET, which logs all of the details of the request and thus leaves fingerprints all over the log. Most of the other attempts use POST, which hides the details from the log.
Anyway, if you’ve got a mail script page that allows unauthenticated sending of mail, take it down please. The Internet isn’t as nice as it used to be.