something along the lines of: grep -r "formmail.pl" /var/log/apache/access/*.log | less
will show the attempts on all the [domain_name].log files if they are in /var/log/apache/access/ grep -r "formmail.pl" /var/log/apache/access/*.log | grep -v 40 | less will filter out those that are 40X errors. grep -r "formmail.pl" /var/log/apache/access/*.log | grep -v 40 | grep -v 30 | less will additionally filter out those attempts blocked by 'deny' rules in your http.conf Hope this helps. Also, you might want to do something like: find /home/ -name formmail -ls to find all formmail.pl, formmail.cgi, formmail.php3 etc files On Mon, 3 Feb 2003, Stefaan Teerlinck wrote: > Hi, > > I have a server with a lot of name-based virtual hosts. On one of those > sites the formmail.pl script is being abused, a client is using an > unsecure script. How can I find out on what site this is? > > Thanks, > Stefaan. > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
