Spamming Common Mailer CGI Scripts

By Deane Barker on March 25, 2003

Spammers are firing off HTTP requests at places they think common email cgi scripts might be (“http://www.domainname/cgi-bin/” for instance).

They send this request with parameters designed to send them an email if it finds a unprotected, generic script. If they get an email, then they know the script is there and they’ll pelt it with HTTP requests to send spam from your mail server until you check your logs and discover what they’re up to.

I found this because they tried to do the same thing to me. “Microsoft URL Control – 6.00.8169” is a user agent from Microsoft’s XMLHTTP COM object.