In article <KSMef.434$dW1.301@read3.inet.fi>,
Tauno Voipio <tauno.voipio@INVALIDiki.fi> wrote:
> Andy Jacobs wrote:
> >
> > the other one that intrigues me is from the same address and that's the
> > first one as it appears to be accessing a file that's outside of
> > anything web accessible.
> >
> > I'm still interested in knowing if these are people trying to use the
> > form from outside - i.e. through the browser, or whether the server has
> > been compromised. The form2mail.php file was installed yesterday, went
> > live with a new site on the domain this afternoon and was being used
> > within a couple of hours. How could anyone find this file?
>
> Does any of the publicly accessible pages have links to
> the form?
Not links, but it is called from a contact page as the action on a form.
That's got me thinking though. If I rename the form to something
obscure, they'll still find it as it will still have to be called. But
what if I call it using - for want of a better phrase - the numerical
values? So form2mail.php becomes:
form2mail.p&#x68;&#x70;
Could this work?
Andy
--
Andy Jacobs
www.redcatmedia.net
Intelligent Websites For Intelligent Business People
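
The question above, worked through as an added example that is not part of the original post: any HTML parser decodes numeric character references in attribute values before the form action is used, so an entity-encoded action resolves to the same URL as the plain one. The sample pages and the base URL www.example.invalid are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin


class FormActionCollector(HTMLParser):
    """Collects the resolved action URL of every <form> on a page."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.actions = []

    def handle_starttag(self, tag, attrs):
        # html.parser hands over attribute values with character
        # references (&#x68; &#104; &amp; ...) already decoded.
        if tag == "form":
            action = dict(attrs).get("action") or ""
            self.actions.append(urljoin(self.base_url, action))


def form_targets(page_html, base_url):
    """Return the absolute URLs that the forms in page_html submit to."""
    parser = FormActionCollector(base_url)
    parser.feed(page_html)
    parser.close()
    return parser.actions


def encode_all(text):
    """Write every character of text as a decimal character reference."""
    return "".join(f"&#{ord(ch)};" for ch in text)


# Constructed sample pages: same form, three spellings of the action.
BASE = "http://www.example.invalid/contact.html"
PLAIN = '<form method="post" action="form2mail.php"><input name="msg"></form>'
PARTIAL = '<form method="post" action="form2mail.p&#x68;&#x70;"><input name="msg"></form>'
FULL = f'<form method="post" action="{encode_all("form2mail.php")}"><input name="msg"></form>'

if __name__ == "__main__":
    for label, page in (("plain", PLAIN), ("partial", PARTIAL), ("full", FULL)):
        print(f"{label:8} -> {form_targets(page, BASE)}")
```

All three spellings yield the same target, which is why the script itself has to validate what it receives (recipient, headers, message body) rather than rely on its name being hard to read in the page source.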