Since I’ve only had this site up for a few days, I still have fun looking at the access logs to see who is visiting. While perusing, I noticed a series of entries that looks like this: - - [20/Jul/2002:23:32:27 -0500] “POST /cgi-bin/ HTTP/1.0” 404 - “http://MATTHEWSIM.COM/contact.htm” “Mozilla/4.0 (compatible; MSIE 5.01; Windows 95)”

The other URLs that he tried to access are /cgi-bin/formmail.cgi, /cgi-local/, /cgibin/, /cgi-local/formmail.cgi, and /cgibin/formmail.cgi. None of these exist on my site.

This looks like someone is trying to use my web site to send e-mail. formmail must be an easily-exploitable CGI that is often installed by default. Perhaps a spammer is looking for an innocent host to act as relay.

Using the Sarangworld Traceroute Project, I traced to, a UUNET customer in Ladue, MO.

I suspect this sort of thing happens all the time. As an experiment, I forwarded this information to UUNET’s security department and my web provider. I’ll let you know if I receive a reply.