FutureQuest, Inc. FutureQuest, Inc. FutureQuest, Inc.
Knowledgebase: CGI/Perl
Strange Script Not Found errors in my error_log
Posted on 01 January 2004 06:15 AM
Question
It looks like somebody is being inquisitive. I don't think it's a problem, but can you please have a look at my error log if you get a moment, just in case? I've copied in the last hundred lines below.

-----
%% [Thu Apr 19 08:31:10 2001] GET /cgi-bin/htmlscript HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/htmlscript
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:12 2001] GET /cgi-bin/flexform.cgi HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/flexform.cgi
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:14 2001] GET /cgi-bin/flexform HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/flexform
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:16 2001] GET /cgi-bin/ssi/cgi-bin/ssi HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/ssi
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:18 2001] GET /cgi-bin/rwwwshell.pl HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/rwwwshell.pl
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:26 2001] GET /cgi-bin/fpexplore.exe HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/fpexplore.exe
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:28 2001] GET /cgi-bin/wguest.exe HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/wguest.exe
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:30 2001] GET /cgi-bin/rguest.exe HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/rguest.exe
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:33 2001] GET /cgi-bin/search.cgi HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/search.cgi
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:35 2001] GET /cgi-bin/loadpage.cgi HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/loadpage.cgi
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:36 2001] GET /cgi-bin/webwho.pl HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/webwho.pl
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:37 2001] GET /cgi-bin/tigvote.cgi HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/tigvote.cgi
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:38 2001] GET /cgi-bin/GW5/GWWEB.EXE HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/GW5
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:52 2001] GET /cgi-bin/input.bat HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/input.bat
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:53 2001] GET /cgi-bin/webutil.pl HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/webutil.pl
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:55 2001] GET /cgi-bin/environ.cgi HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/environ.cgi
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:57 2001] GET /cgi-bin/websendmail HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/websendmail
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:58 2001] GET /cgi-bin/php.cgi HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/php.cgi
%error
script not found or unable to stat
%% [Thu Apr 19 08:31:59 2001] GET /cgi-bin/php HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/php
%error
script not found or unable to stat
%% [Thu Apr 19 08:32:00 2001] GET /cgi-bin/perl.exe HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/perl.exe
%error
script not found or unable to stat
%% [Thu Apr 19 08:32:05 2001] GET /cgi-bin/wwwadmin.pl HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/wwwadmin.pl
%error
script not found or unable to stat
%% [Thu Apr 19 08:32:06 2001] GET /cgi-bin/sendform.cgi HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/sendform.cgi
%error
script not found or unable to stat
%% [Thu Apr 19 08:32:08 2001] GET /cgi-bin/maillist.pl HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/maillist.pl
%error
script not found or unable to stat
%% [Thu Apr 19 08:32:09 2001] GET /cgi-bin/dumpenv.pl HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/dumpenv.pl
%error
script not found or unable to stat
%% [Thu Apr 19 08:32:10 2001] GET /cgi-bin/mailit.pl HTTP/1.0
%% 404 /big/dom/xdomain/cgi-bin/mailit.pl
%error
script not found or unable to stat


Answer
It looks like someone ran a probe against your domain looking for exploitable weaknesses with your CGI scripts...

It's an automated tester, which are quite common in nature...

What you can do is read through the list and make note of what programs they are looking for - and then simply use it as a "Don't use that CGI Script" guide... ;)