virus sends spam via web form??

Discussion in 'Anti-Virus' started by Michael Eberli, Sep 14, 2005.

  1. For a short time I receive senseless emails sent via a form on my web page.
    The form is processed by a PHP script and the data is sent to an email
    account.
    A closer look at the log files shows that these mails were sent every few
    hours, 3 mails each time. The originator seems to be different every time...
    Can anybody help me?


    logs from my web-server:

    210.82.214.236 - - [31/Aug/2005:13:24:20 +0200] "GET / HTTP/1.1" 200
    11607 "-" "-"
    210.82.214.236 - - [31/Aug/2005:13:24:25 +0200] "GET /contact.php
    HTTP/1.1" 200 14097 "-" "-"
    210.82.214.236 - - [31/Aug/2005:13:24:29 +0200] "POST /contact_send.php
    HTTP/1.1" 200 11156 "http://www.b-raider.ch/" "-"
    210.82.214.236 - - [31/Aug/2005:13:24:31 +0200] "POST /contact_send.php
    HTTP/1.1" 200 10968 "http://www.b-raider.ch/" "-"
    210.82.214.236 - - [31/Aug/2005:13:24:33 +0200] "POST /contact_send.php
    HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    210.82.214.236 - - [31/Aug/2005:13:24:34 +0200] "POST /contact_send.php
    HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    210.82.214.236 - - [31/Aug/2005:13:24:37 +0200] "GET /custombikes.php
    HTTP/1.1" 200 12046 "-" "-"
    210.82.214.236 - - [31/Aug/2005:13:24:40 +0200] "GET /index.php
    HTTP/1.1" 200 11607 "-" "-"
    210.82.214.236 - - [31/Aug/2005:13:24:44 +0200] "GET /bikes.php
    HTTP/1.1" 200 14079 "-" "-"
    210.82.214.236 - - [31/Aug/2005:13:24:47 +0200] "GET /tuning.php
    HTTP/1.1" 200 11729 "-" "-"

    202.176.193.149 - - [08/Sep/2005:23:51:44 +0200] "GET / HTTP/1.1" 200
    11607 "-" "-"
    202.176.193.149 - - [08/Sep/2005:23:51:45 +0200] "GET /contact.php
    HTTP/1.1" 200 13999 "-" "-"
    202.176.193.149 - - [08/Sep/2005:23:51:47 +0200] "POST /contact_send.php
    HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    202.176.193.149 - - [08/Sep/2005:23:51:49 +0200] "POST /contact_send.php
    HTTP/1.1" 200 11114 "http://www.b-raider.ch/" "-"
    202.176.193.149 - - [08/Sep/2005:23:51:51 +0200] "POST /contact_send.php
    HTTP/1.1" 200 11156 "http://www.b-raider.ch/" "-"
    202.176.193.149 - - [08/Sep/2005:23:51:53 +0200] "POST /contact_send.php
    HTTP/1.1" 200 11086 "http://www.b-raider.ch/" "-"
    202.176.193.149 - - [08/Sep/2005:23:51:55 +0200] "GET /index.php
    HTTP/1.1" 200 11544 "-" "-"
    202.176.193.149 - - [08/Sep/2005:23:51:56 +0200] "GET /bikes.php
    HTTP/1.1" 200 13758 "-" "-"

    s01-nsm.onespeed.com - - [10/Sep/2005:14:28:07 +0200] "GET / HTTP/1.1"
    200 11453 "-" "-"
    s01-nsm.onespeed.com - - [10/Sep/2005:14:28:11 +0200] "GET /contact.php
    HTTP/1.1" 200 13300 "-" "-"
    s01-nsm.onespeed.com - - [10/Sep/2005:14:28:17 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    s01-nsm.onespeed.com - - [10/Sep/2005:14:28:22 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11156 "http://www.b-raider.ch/" "-"
    s01-nsm.onespeed.com - - [10/Sep/2005:14:28:29 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11156 "http://www.b-raider.ch/" "-"
    s01-nsm.onespeed.com - - [10/Sep/2005:14:28:36 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    s01-nsm.onespeed.com - - [10/Sep/2005:14:28:40 +0200] "GET
    /custombikes.php HTTP/1.1" 200 11907 "-" "-"
    s01-nsm.onespeed.com - - [10/Sep/2005:14:28:44 +0200] "GET /index.php
    HTTP/1.1" 200 11607 "-" "-"
    s01-nsm.onespeed.com - - [10/Sep/2005:14:28:50 +0200] "GET /bikes.php
    HTTP/1.1" 200 13967 "-" "-"
    s01-nsm.onespeed.com - - [10/Sep/2005:14:28:56 +0200] "GET /tuning.php
    HTTP/1.1" 200 11666 "-" "-"

    209-253-173-175.ip.mcleodusa.net - - [10/Sep/2005:20:05:23 +0200] "GET /
    HTTP/1.1" 200 11460 "-" "-"
    209-253-173-175.ip.mcleodusa.net - - [10/Sep/2005:20:05:27 +0200] "GET
    /contact.php HTTP/1.1" 200 13782 "-" "-"
    209-253-173-175.ip.mcleodusa.net - - [10/Sep/2005:20:05:36 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    209-253-173-175.ip.mcleodusa.net - - [10/Sep/2005:20:05:41 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    209-253-173-175.ip.mcleodusa.net - - [10/Sep/2005:20:05:46 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11156 "http://www.b-raider.ch/" "-"
    209-253-173-175.ip.mcleodusa.net - - [10/Sep/2005:20:05:52 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    209-253-173-175.ip.mcleodusa.net - - [10/Sep/2005:20:05:57 +0200] "GET
    /custombikes.php HTTP/1.1" 200 11962 "-" "-"
    209-253-173-175.ip.mcleodusa.net - - [10/Sep/2005:20:06:01 +0200] "GET
    /index.php HTTP/1.1" 200 11607 "-" "-"
    209-253-173-175.ip.mcleodusa.net - - [10/Sep/2005:20:06:06 +0200] "GET
    /bikes.php HTTP/1.1" 200 14051 "-" "-"
    209-253-173-175.ip.mcleodusa.net - - [10/Sep/2005:20:06:12 +0200] "GET
    /tuning.php HTTP/1.1" 200 11729 "-" "-"

    h-66-166-127-226.lsanca54.covad.net - - [11/Sep/2005:02:08:16 +0200]
    "GET / HTTP/1.1" 200 11607 "-" "-"
    h-66-166-127-226.lsanca54.covad.net - - [11/Sep/2005:02:08:20 +0200]
    "GET /contact.php HTTP/1.1" 200 14013 "-" "-"
    h-66-166-127-226.lsanca54.covad.net - - [11/Sep/2005:02:08:28 +0200]
    "POST /contact_send.php HTTP/1.1" 200 11156 "http://www.b-raider.ch/" "-"
    h-66-166-127-226.lsanca54.covad.net - - [11/Sep/2005:02:08:32 +0200]
    "POST /contact_send.php HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    h-66-166-127-226.lsanca54.covad.net - - [11/Sep/2005:02:08:37 +0200]
    "POST /contact_send.php HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    h-66-166-127-226.lsanca54.covad.net - - [11/Sep/2005:02:08:42 +0200]
    "POST /contact_send.php HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    h-66-166-127-226.lsanca54.covad.net - - [11/Sep/2005:02:08:46 +0200]
    "GET /custombikes.php HTTP/1.1" 200 12116 "-" "-"
    h-66-166-127-226.lsanca54.covad.net - - [11/Sep/2005:02:08:50 +0200]
    "GET /index.php HTTP/1.1" 200 11607 "-" "-"
    h-66-166-127-226.lsanca54.covad.net - - [11/Sep/2005:02:08:54 +0200]
    "GET /bikes.php HTTP/1.1" 200 13835 "-" "-"
    h-66-166-127-226.lsanca54.covad.net - - [11/Sep/2005:02:08:58 +0200]
    "GET /tuning.php HTTP/1.1" 200 11534 "-" "-"

    hollla05.haworth.com - - [11/Sep/2005:08:00:46 +0200] "GET / HTTP/1.1"
    200 11607 "-" "-"
    hollla05.haworth.com - - [11/Sep/2005:08:00:50 +0200] "GET /contact.php
    HTTP/1.1" 200 14097 "-" "-"
    hollla05.haworth.com - - [11/Sep/2005:08:00:56 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11156 "http://www.b-raider.ch/" "-"
    hollla05.haworth.com - - [11/Sep/2005:08:01:02 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    hollla05.haworth.com - - [11/Sep/2005:08:01:06 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    hollla05.haworth.com - - [11/Sep/2005:08:01:10 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    hollla05.haworth.com - - [11/Sep/2005:08:01:14 +0200] "GET
    /custombikes.php HTTP/1.1" 200 12116 "-" "-"
    hollla05.haworth.com - - [11/Sep/2005:08:01:17 +0200] "GET /index.php
    HTTP/1.1" 200 11439 "-" "-"
    hollla05.haworth.com - - [11/Sep/2005:08:01:20 +0200] "GET /bikes.php
    HTTP/1.1" 200 14093 "-" "-"
    hollla05.haworth.com - - [11/Sep/2005:08:01:24 +0200] "GET /tuning.php
    HTTP/1.1" 200 11729 "-" "-"

    talkers.de - - [11/Sep/2005:13:44:48 +0200] "GET / HTTP/1.1" 200 11607
    "-" "-"
    talkers.de - - [11/Sep/2005:13:44:57 +0200] "GET /contact.php HTTP/1.1"
    200 13404 "-" "-"
    talkers.de - - [11/Sep/2005:13:45:04 +0200] "POST /contact_send.php
    HTTP/1.1" 200 11156 "http://www.b-raider.ch/" "-"
    talkers.de - - [11/Sep/2005:13:45:10 +0200] "POST /contact_send.php
    HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    talkers.de - - [11/Sep/2005:13:45:14 +0200] "POST /contact_send.php
    HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    talkers.de - - [11/Sep/2005:13:45:19 +0200] "POST /contact_send.php
    HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    talkers.de - - [11/Sep/2005:13:45:23 +0200] "GET /custombikes.php
    HTTP/1.1" 200 12116 "-" "-"
    talkers.de - - [11/Sep/2005:13:45:28 +0200] "GET /index.php HTTP/1.1"
    200 11607 "-" "-"
    talkers.de - - [11/Sep/2005:13:45:34 +0200] "GET /bikes.php HTTP/1.1"
    200 14093 "-" "-"
    talkers.de - - [11/Sep/2005:13:45:40 +0200] "GET /tuning.php HTTP/1.1"
    200 11729 "-" "-"

    lxe003.infocamere.it - - [12/Sep/2005:12:55:56 +0200] "GET / HTTP/1.1"
    200 11607 "-" "-"
    lxe003.infocamere.it - - [12/Sep/2005:12:56:00 +0200] "GET /contact.php
    HTTP/1.1" 200 13321 "-" "-"
    lxe003.infocamere.it - - [12/Sep/2005:12:56:04 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11024 "http://www.b-raider.ch/" "-"
    lxe003.infocamere.it - - [12/Sep/2005:12:56:07 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11156 "http://www.b-raider.ch/" "-"
    lxe003.infocamere.it - - [12/Sep/2005:12:56:11 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11059 "http://www.b-raider.ch/" "-"
    lxe003.infocamere.it - - [12/Sep/2005:12:56:15 +0200] "POST
    /contact_send.php HTTP/1.1" 200 11079 "http://www.b-raider.ch/" "-"
    lxe003.infocamere.it - - [12/Sep/2005:12:56:18 +0200] "GET
    /custombikes.php HTTP/1.1" 200 12026 "-" "-"
    lxe003.infocamere.it - - [12/Sep/2005:12:56:22 +0200] "GET /index.php
    HTTP/1.1" 200 11607 "-" "-"
    lxe003.infocamere.it - - [12/Sep/2005:12:56:26 +0200] "GET /bikes.php
    HTTP/1.1" 200 14093 "-" "-"
    lxe003.infocamere.it - - [12/Sep/2005:12:56:31 +0200] "GET /tuning.php
    HTTP/1.1" 200 11513 "-" "-"
     
    Michael Eberli, Sep 14, 2005
    #1
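
The pattern visible in the posted log (one client sending several POSTs to /contact_send.php within seconds, an empty User-Agent, and a Referer that is the site root rather than the form page) can be checked mechanically. This is an added example, not part of the original thread; the thresholds, function names and sample lines (documentation addresses, example.com) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format, the layout of the log quoted in the post.
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

FORM_HANDLER = "/contact_send.php"  # handler path named in the post
FORM_PAGE = "/contact.php"          # page that carries the form
WINDOW = timedelta(seconds=60)      # assumed burst window
MAX_POSTS = 2                       # assumed ceiling for a human visitor

def parse(lines):
    """Yield one dict per well-formed log line; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield rec

def suspicious_clients(lines):
    """Return {host: [reasons]} for clients whose form posts look automated."""
    posts = defaultdict(list)
    for rec in parse(lines):
        if rec["method"] == "POST" and rec["path"] == FORM_HANDLER:
            posts[rec["host"]].append(rec)
    findings = {}
    for host, recs in posts.items():
        recs.sort(key=lambda r: r["ts"])
        reasons = []
        for i, first in enumerate(recs):  # sliding burst check
            n = sum(1 for r in recs[i:] if r["ts"] - first["ts"] <= WINDOW)
            if n > MAX_POSTS:
                reasons.append(f"{n} posts within {WINDOW.seconds}s")
                break
        if all(r["agent"] in ("", "-") for r in recs):
            reasons.append("empty User-Agent")
        if not any(r["referer"].endswith(FORM_PAGE) for r in recs):
            reasons.append("Referer is not the form page")
        if len(reasons) >= 2:  # require two signals to limit false positives
            findings[host] = reasons
    return findings

# Constructed sample: one scripted burst, one ordinary visitor.
SAMPLE = [
    '192.0.2.10 - - [31/Aug/2005:13:24:25 +0200] "GET /contact.php HTTP/1.1" 200 14097 "-" "-"',
    '192.0.2.10 - - [31/Aug/2005:13:24:29 +0200] "POST /contact_send.php HTTP/1.1" 200 11156 "http://www.example.com/" "-"',
    '192.0.2.10 - - [31/Aug/2005:13:24:31 +0200] "POST /contact_send.php HTTP/1.1" 200 10968 "http://www.example.com/" "-"',
    '192.0.2.10 - - [31/Aug/2005:13:24:33 +0200] "POST /contact_send.php HTTP/1.1" 200 11079 "http://www.example.com/" "-"',
    '192.0.2.10 - - [31/Aug/2005:13:24:34 +0200] "POST /contact_send.php HTTP/1.1" 200 11079 "http://www.example.com/" "-"',
    '198.51.100.7 - - [31/Aug/2005:14:02:10 +0200] "GET /contact.php HTTP/1.1" 200 14097 "http://www.example.com/" "Mozilla/5.0"',
    '198.51.100.7 - - [31/Aug/2005:14:03:41 +0200] "POST /contact_send.php HTTP/1.1" 200 11079 "http://www.example.com/contact.php" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, reasons in suspicious_clients(SAMPLE).items():
        print(host, "->", "; ".join(reasons))
```

Because the source address changes on every run, the per-request signals (burst size, missing User-Agent, wrong Referer) are more useful for filtering than a list of blocked hosts.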

  2. From: "Michael Eberli" <>

    | For a short time I receive senseless emails sent via a form on my web page.
    | The form is processed by a PHP script and the data is sent to an email
    | account.
    | A closer look at the log files shows that these mails were sent every few
    | hours, 3 mails each time. The originator seems to be different every time...
    | Can anybody help me?

    This PHP exploit was just recently reported. I suggest blocking them at your firewall and
    contacting the ISP at; and maybe
     
    David H. Lipman, Sep 14, 2005
    #2

  3. I forgot to mention. You should contact your vendor and patch your httpd software that is
    using PHP scripting.
     
    David H. Lipman, Sep 14, 2005
    #3
  4. On that special day, Michael Eberli, () said...
    Perhaps this is from the following script attack:
    Currently, this spammer (or whatever this is) is getting more and more
    aggressive.


    Gabriele Neukam

     
    Gabriele Neukam, Sep 14, 2005
    #4