So maybe there aren’t as many open SMTP relays as there were a couple of years ago, but somehow spam thrives. To get their product out, some spam kings have evidently resorted to hijacking web email-contact pages, or so I’ve concluded from the contents of the jls.cx HTTP logs. Here’s some sample statistics for 404 (page not found) errors:
| URL | Error Hits |
|---|---|
| /cgi-bin/formmail.pl | 42 |
| /cgi-bin/contact.cgi | 26 |
| /cgi-bin/formmail.cgi | 23 |
Straight from the log, here’s evidence of one of the more brain-dead attempts:
198.104.144.39 - - [19/Aug/2004:12:58:53 -0600] "GET /cgi-bin/formmail.pl?email=rockstar@mail.com &subject=www.jls.cx/cgi-bin/formmail.pl&message=rockstar&recipient=blesss@aol.com[...]
Basically, somebody’s out there trolling for a web page that will automatically send email. In this case, the troller was dumb enough to use GET, which logs all of the details of the request and thus leaves fingerprints all over the log. Most of the other attempts use POST, which hides the details from the log.
Anyway, if you’ve got a mail script page that allows unauthenticated sending of mail, take it down please. The Internet isn’t as nice as it used to be.