I want to keep these errors out of my error log file entirely:
script not found or unable to stat: /Library/WebServer/CGI-Executables/formm
script not found or unable to stat: /Library/WebServer/CGI-Executables/formm
script not found or unable to stat: /Library/WebServer/CGI-Executables/FormM
script not found or unable to stat: /Library/WebServer/CGI-Executables/FormM
I do have these lines in my httpd.conf:
SetEnvIfNoCase Request_URI "/cmd\.exe" junk
SetEnvIfNoCase Request_URI "/Admin\.dll" junk
SetEnvIfNoCase Request_URI "/root\.exe" junk
SetEnvIfNoCase Request_URI "/httpodbc\.dll" junk
SetEnvIfNoCase Request_URI "/owssvr\.dll" junk
SetEnvIfNoCase Request_URI "/default\.ida" junk
SetEnvIfNoCase Request_URI "/formmail\.cgi" junk
SetEnvIfNoCase Request_URI "/formmail\.pl" junk
CustomLog "/private/var/log/httpd/junk_log" combined env=junk
CustomLog "|/usr/local/bin/cronolog /var/log/httpd/access.%Y%m%d" combined env=!junk
and none of the OTHER exploits are appearing in my error log, but I figure the formmail ones are showing up (with 'not found' errors) because they have filenames ending in 'cgi' and 'pl'. What's the best way to keep these out of the error log entirely?
Also, does anyone have any good way of responding to people trying to use the formmail exploit? Like, putting a script there which reports them to the authorities? :)
script not found or unable to stat: /Library/WebServer/CGI-Executables/formm
script not found or unable to stat: /Library/WebServer/CGI-Executables/formm
script not found or unable to stat: /Library/WebServer/CGI-Executables/FormM
script not found or unable to stat: /Library/WebServer/CGI-Executables/FormM
I do have these lines in my httpd.conf:
SetEnvIfNoCase Request_URI "/cmd\.exe" junk
SetEnvIfNoCase Request_URI "/Admin\.dll" junk
SetEnvIfNoCase Request_URI "/root\.exe" junk
SetEnvIfNoCase Request_URI "/httpodbc\.dll" junk
SetEnvIfNoCase Request_URI "/owssvr\.dll" junk
SetEnvIfNoCase Request_URI "/default\.ida" junk
SetEnvIfNoCase Request_URI "/formmail\.cgi" junk
SetEnvIfNoCase Request_URI "/formmail\.pl" junk
CustomLog "/private/var/log/httpd/junk_log" combined env=junk
CustomLog "|/usr/local/bin/cronolog /var/log/httpd/access.%Y%m%d" combined env=!junk
and none of the OTHER exploits are appearing in my error log, but I figure the formmail ones are showing up (with 'not found' errors) because they have filenames ending in 'cgi' and 'pl'. What's the best way to keep these out of the error log entirely?
Also, does anyone have any good way of responding to people trying to use the formmail exploit? Like, putting a script there which reports them to the authorities? :)
