I was checking up on one of my sites and it said my account has been suspended. I promptly e-mailed support and got this response:

There was a script running wild on your account that nearly caused the server to crash. This needs to be agreed to and taken care of before your site will be allowed back online.

trickyriddles.com @ Brussels:

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
21434 ***** 15 0 21108 5672 1484 S 1.6 0.1 0:03.94 dm.cgi
21759 ***** 15 0 21108 5676 1484 S 1.6 0.1 0:04.10 dm.cgi
21407 ***** 15 0 21108 5668 1484 S 1.3 0.1 0:03.56 dm.cgi
21739 ***** 15 0 21108 5672 1484 S 1.3 0.1 0:04.05 dm.cgi
21310 ***** 15 0 21108 5664 1480 S 1.0 0.1 0:04.16 dm.cgi
21356 ***** 15 0 21108 5668 1480 S 1.0 0.1 0:04.07 dm.cgi
21362 ***** 15 0 21108 5668 1480 S 1.0 0.1 0:04.10 dm.cgi
21385 ***** 15 0 21108 5664 1480 S 1.0 0.1 0:03.70 dm.cgi
21537 ***** 15 0 21104 5668 1480 S 1.0 0.1 0:04.27 dm.cgi
21564 ***** 15 0 21108 5672 1484 S 1.0 0.1 0:03.65 dm.cgi
21590 ***** 15 0 21108 5672 1480 S 1.0 0.1 0:04.09 dm.cgi
21613 ***** 15 0 21104 5668 1484 S 1.0 0.1 0:03.75 dm.cgi
21639 ***** 15 0 21108 5668 1480 S 1.0 0.1 0:04.37 dm.cgi
21652 ***** 15 0 21108 5672 1484 S 1.0 0.1 0:04.20 dm.cgi
21762 ***** 15 0 21104 5672 1480 S 1.0 0.1 0:04.22 dm.cgi
21781 ***** 15 0 21108 5672 1484 S 1.0 0.1 0:03.94 dm.cgi
21809 ***** 15 0 21108 5668 1480 S 1.0 0.1 0:03.55 dm.cgi
21848 ***** 15 0 21104 5668 1484 S 1.0 0.1 0:04.12 dm.cgi
21849 ***** 16 0 21108 5668 1480 S 1.0 0.1 0:04.06 dm.cgi
21294 ***** 16 0 21104 5668 1480 S 0.7 0.1 0:04.01 dm.cgi
21308 ***** 15 0 21108 5668 1480 S 0.7 0.1 0:03.90 dm.cgi
21324 ***** 15 0 21108 5668 1484 S 0.7 0.1 0:03.94 dm.cgi
21350 ***** 16 0 21104 5672 1484 S 0.7 0.1 0:03.88 dm.cgi
21360 ***** 15 0 21100 5672 1480 S 0.7 0.1 0:03.97 dm.cgi
21370 ***** 15 0 21104 5664 1484 S 0.7 0.1 0:04.10 dm.cgi
21371 ***** 15 0 21108 5672 1484 S 0.7 0.1 0:03.62 dm.cgi
21377 ***** 15 0 21108 5672 1480 S 0.7 0.1 0:03.96 dm.cgi
21444 ***** 15 0 21108 5672 1484 S 0.7 0.1 0:04.09 dm.cgi
21446 ***** 15 0 21104 5672 1484 S 0.7 0.1 0:04.12 dm.cgi
21449 ***** 15 0 21104 5664 1480 S 0.7 0.1 0:03.90 dm.cgi
21452 ***** 15 0 21108 5672 1484 S 0.7 0.1 0:04.08 dm.cgi
21497 ***** 16 0 21108 5668 1480 S 0.7 0.1 0:04.13 dm.cgi
21528 ***** 15 0 21104 5660 1480 S 0.7 0.1 0:03.95 dm.cgi
21530 ***** 15 0 21108 5676 1484 S 0.7 0.1 0:03.78 dm.cgi
21545 ***** 15 0 21108 5668 1480 S 0.7 0.1 0:03.94 dm.cgi
21551 ***** 15 0 21100 5672 1484 S 0.7 0.1 0:04.21 dm.cgi
21572 ***** 15 0 21108 5672 1480 S 0.7 0.1 0:03.99 dm.cgi
21576 ***** 15 0 21108 5668 1480 S 0.7 0.1 0:04.17 dm.cgi
21581 ***** 15 0 21108 5672 1484 S 0.7 0.1 0:04.18 dm.cgi
21588 ***** 16 0 21104 5664 1480 S 0.7 0.1 0:03.83 dm.cgi
21592 ***** 15 0 21108 5668 1484 S 0.7 0.1 0:03.95 dm.cgi
21596 ***** 15 0 21108 5668 1484 S 0.7 0.1 0:04.04 dm.cgi
21603 ***** 15 0 21108 5664 1480 S 0.7 0.1 0:03.83 dm.cgi
21617 ***** 15 0 21108 5672 1484 S 0.7 0.1 0:04.12 dm.cgi
21621 ***** 15 0 21104 5680 1484 S 0.7 0.1 0:03.89 dm.cgi
21636 ***** 16 0 21108 5668 1484 S 0.7 0.1 0:03.64 dm.cgi
21651 ***** 15 0 21108 5680 1484 S 0.7 0.1 0:04.24 dm.cgi
21654 ***** 15 0 21108 5672 1484 S 0.7 0.1 0:04.18 dm.cgi
21661 ***** 15 0 21108 5668 1480 S 0.7 0.1 0:04.04 dm.cgi
21664 ***** 15 0 21108 5664 1480 S 0.7 0.1 0:03.49 dm.cgi
21399 ***** 15 0 21108 5664 1480 S 0.6 0.1 0:03.87 dm.cgi
root@brussels [~]# 0 21108 5664 1480 S 0.6 0.1 0:04.11 dm.cgi
21408 ***** 15 0 21108 5664 1484 S 0.6 0.1 0:03.70 dm.cgi
21411 ***** 15 0 21108 5668 1484 S 0.6 0.1 0:03.97 dm.cgi
21412 ***** 15 0 21104 5672 1480 S 0.6 0.1 0:03.78 dm.cgi
21307 ***** 15 0 21108 5672 1480 S 0.7 0.1 0:03.93 dm.cgi
21311 ***** 15 0 21108 5672 1484 R 0.7 0.1 0:03.74 dm.cgi
21318 ***** 15 0 21108 5664 1484 S 0.7 0.1 0:03.72 dm.cgi
21329 ***** 15 0 21108 5664 1480 S 0.7 0.1 0:04.00 dm.cgi
21342 ***** 15 0 21104 5664 1484 S 0.7 0.1 0:03.93 dm.cgi
21368 ***** 15 0 21104 5672 1480 S 0.7 0.1 0:04.16 dm.cgi
21382 ***** 15 0 21104 5680 1484 S 0.7 0.1 0:03.92 dm.cgi
21389 ***** 15 0 21104 5668 1480 S 0.7 0.1 0:03.67 dm.cgi
21397 ***** 15 0 21104 5664 1480 S 0.7 0.1 0:04.31 dm.cgi
21405 ***** 15 0 21108 5664 1480 S 0.7 0.1 0:04.09 dm.cgi
21425 ***** 15 0 21108 5668 1480 S 0.7 0.1 0:04.36 dm.cgi
21441 ***** 15 0 21108 5660 1480 S 0.7 0.1 0:03.61 dm.cgi
21446 ***** 15 0 21104 5672 1484 S 0.7 0.1 0:04.10 dm.cgi
21461 ***** 15 0 21108 5668 1480 S 0.7 0.1 0:04.04 dm.cgi
21462 ***** 15 0 21108 5676 1480 S 0.7 0.1 0:04.31 dm.cgi
21467 ***** 16 0 21104 5664 1480 S 0.7 0.1 0:04.00 dm.cgi
21475 ***** 15 0 21108 5664 1480 S 0.7 0.1 0:04.15 dm.cgi
21484 ***** 15 0 21108 5672 1480 S 0.7 0.1 0:03.94 dm.cgi
21492 ***** 15 0 21108 5672 1484 S 0.7 0.1 0:03.85 dm.cgi
21497 ***** 15 0 21108 5668 1480 S 0.7 0.1 0:04.08 dm.cgi
21508 ***** 15 0 21108 5668 1480 S 0.7 0.1 0:03.81 dm.cgi
21509 ***** 15 0 21108 5668 1480 S 0.7 0.1 0:03.84 dm.cgi
21532 ***** 15 0 21104 5672 1484 S 0.7 0.1 0:04.01 dm.cgi
21559 ***** 15 0 21108 5672 1480 S 0.7 0.1 0:04.29 dm.cgi

Thanks,

The whole conversation with my host basically came off as this being my fault. I don't know anything about this dm.cgi, nor did I install it. Could my account have been hacked or somehow exploited? I don't believe it was hacked, as I was able to log in afterwards with my password after they unsuspended my account; I figure if someone had the password they would do a lot more damage (yes, I have changed it as a security measure). Maybe the site originally contained this dm.cgi file, as I purchased it, backed it up and restored it, but I have another site of the same sort and no such file exists. I was able to pull this out of my raw logs:

71.7.133.220 - - [19/Jun/2006:19:32:13 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 380 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"

I have a bunch of these and similar entries, also originating from that IP... any help would be much appreciated.
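The host's listing above is what a fork storm looks like in `top`: dozens of children of one CGI under one account, each using a little CPU, together enough to hurt a shared box. The following is an added example (not code from this thread or from the hosting provider) that parses the default `top` columns (PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND), groups processes by owner and command, and flags groups with more members than a threshold, so the same judgement can be made mechanically. The dm.cgi rows in the sample are the first twelve from the listing above with the masked user column filled in with the placeholder `webuser`; the `sshd` and `httpd` rows, the stray shell prompt and the threshold of 10 are constructed assumptions for the demo.

```python
"""Spot a fork storm in a `top -b -n 1` style process listing.

Added example, not code from the original thread. Memory columns are assumed
to be plain KiB with no unit suffix, as in the host's paste.
"""
import re
from collections import defaultdict

# One `top` row: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
TOP_ROW = re.compile(
    r"^\s*(?P<pid>\d+)\s+(?P<user>\S+)\s+(?P<pr>\S+)\s+(?P<ni>-?\d+)\s+"
    r"(?P<virt>\d+)\s+(?P<res>\d+)\s+(?P<shr>\d+)\s+(?P<state>\S)\s+"
    r"(?P<cpu>\d+\.\d+)\s+(?P<mem>\d+\.\d+)\s+(?P<time>\d+:\d+\.\d+)\s+(?P<cmd>\S.*?)\s*$"
)

# Constructed sample: twelve dm.cgi rows from the host's listing (user filled in),
# a shell prompt pasted into the middle of the output, and some unrelated processes.
SAMPLE_TOP = """\
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
21434 webuser   15   0 21108 5672 1484 S  1.6  0.1   0:03.94 dm.cgi
21759 webuser   15   0 21108 5676 1484 S  1.6  0.1   0:04.10 dm.cgi
21407 webuser   15   0 21108 5668 1484 S  1.3  0.1   0:03.56 dm.cgi
21739 webuser   15   0 21108 5672 1484 S  1.3  0.1   0:04.05 dm.cgi
21310 webuser   15   0 21108 5664 1480 S  1.0  0.1   0:04.16 dm.cgi
21356 webuser   15   0 21108 5668 1480 S  1.0  0.1   0:04.07 dm.cgi
21362 webuser   15   0 21108 5668 1480 S  1.0  0.1   0:04.10 dm.cgi
21385 webuser   15   0 21108 5664 1480 S  1.0  0.1   0:03.70 dm.cgi
21537 webuser   15   0 21104 5668 1480 S  1.0  0.1   0:04.27 dm.cgi
21564 webuser   15   0 21108 5672 1484 S  1.0  0.1   0:03.65 dm.cgi
21590 webuser   15   0 21108 5672 1480 S  1.0  0.1   0:04.09 dm.cgi
21613 webuser   15   0 21104 5668 1484 S  1.0  0.1   0:03.75 dm.cgi
root@brussels [~]# 0 21108 5664 1480 S 0.6 0.1 0:04.11 dm.cgi
 1201 root      15   0  3920  988  760 S  0.0  0.0   0:00.12 sshd
 2044 webuser   15   0 15240 4012 2008 S  0.3  0.1   0:00.51 httpd
 2045 webuser   15   0 15240 4020 2008 S  0.3  0.1   0:00.49 httpd
"""


def time_plus_seconds(text):
    """TIME+ is cumulative CPU time as MM:SS.hh; return it in seconds."""
    minutes, seconds = text.split(":")
    return int(minutes) * 60 + float(seconds)


def parse_top(text):
    """Return (rows, unparsed): typed dicts for each process row, plus the
    lines that did not parse (a pasted shell prompt, for instance)."""
    rows, unparsed = [], []
    for line in text.splitlines():
        if not line.strip() or line.split()[0] == "PID":
            continue                      # blank line or the column header
        m = TOP_ROW.match(line)
        if m is None:
            unparsed.append(line)
            continue
        d = m.groupdict()
        rows.append({
            "pid": int(d["pid"]), "user": d["user"], "state": d["state"],
            "res_kb": int(d["res"]), "cpu_pct": float(d["cpu"]),
            "cpu_secs": time_plus_seconds(d["time"]), "cmd": d["cmd"],
        })
    return rows, unparsed


def find_fork_storms(rows, min_procs=10):
    """Group processes by (user, command) and return the groups that have at
    least min_procs members, with per-group totals for CPU and resident memory."""
    groups = defaultdict(lambda: {"pids": [], "cpu_pct": 0.0, "cpu_secs": 0.0, "res_kb": 0})
    for r in rows:
        g = groups[(r["user"], r["cmd"])]
        g["pids"].append(r["pid"])
        g["cpu_pct"] += r["cpu_pct"]
        g["cpu_secs"] += r["cpu_secs"]
        g["res_kb"] += r["res_kb"]
    return {key: dict(g, count=len(g["pids"]))
            for key, g in groups.items() if len(g["pids"]) >= min_procs}


if __name__ == "__main__":
    rows, unparsed = parse_top(SAMPLE_TOP)
    for (user, cmd), g in find_fork_storms(rows).items():
        print(f"{user}/{cmd}: {g['count']} procs, {g['cpu_pct']:.1f}% CPU, "
              f"{g['cpu_secs']:.2f}s CPU time, {g['res_kb']} KiB RSS, pids {g['pids'][:5]}...")
    for line in unparsed:
        print("skipped:", line)
```

Feed it `top -b -n 1` output (or `ps -eo pid,user,pri,ni,vsz,rss,sz,stat,pcpu,pmem,time,comm` reshaped to match) and the group totals tell you whether a script is a runaway before you start killing PIDs by hand.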
OK, I have just regained FTP access and there are these files under my cgi-bin/upload: from.txt, letter.htm, replyto.txt, subject.txt, xmacros.txt. Techs from my hosting have not been very helpful; I am assuming I can delete these as they were part of the script?
Above all, it's always the site owner's responsibility to keep his web space clean of hackers' activities. There are plenty of unsecured sites leaving many doors open for hackers to upload scripts and then run phishing sites or spam mail services. Search for any weak scripts you have there - anything from forum software to PHP to Perl - and research the security alerts for those scripts using Google, and clean up / secure anything you find. Months ago I had similar problems with other hackers and had to invest some 200 hrs in researching the topic and learning how to secure the leaks.
I am looking into it, and this idiot has certainly been reported to his ISP. Here are some more logs; I cannot seem to find a login from that IP address though :/

71.7.133.220 - - [19/Jun/2006:18:40:03 -0500] "GET /phpinfo.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:18:40:03 -0500] "GET /phpinfo.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:18:41:05 -0500] "GET /phpinfo.php HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:22:07 -0500] "GET /cgi-bin/dm.cgi HTTP/1.1" 200 1647 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:22:10 -0500] "GET /cgi-bin/dm.cgi?m=ilogo HTTP/1.1" 200 227 "http://trickyriddles.com/cgi-bin/dm.cgi" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:22:18 -0500] "GET /cgi-bin/dm.cgi?m=ilog HTTP/1.1" 200 310 "http://trickyriddles.com/cgi-bin/dm.cgi" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:22:18 -0500] "GET /cgi-bin/dm.cgi?m=icfg HTTP/1.1" 200 411 "http://trickyriddles.com/cgi-bin/dm.cgi" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:22:20 -0500] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:23:58 -0500] "GET /phpinfo.php HTTP/1.1" 200 10073 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:24:12 -0500] "GET /phpinfo.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 4453 "http://trickyriddles.com/phpinfo.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:24:13 -0500] "GET /cgi-bin/dm.cgi HTTP/1.1" 200 1649 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:24:18 -0500] "GET /cgi-bin/dm.cgi?m=snd HTTP/1.1" 200 1059 "http://trickyriddles.com/cgi-bin/dm.cgi" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:24:20 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 374 "http://trickyriddles.com/cgi-bin/dm.cgi?m=snd" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:24:28 -0500] "GET /cgi-bin/dm.cgi HTTP/1.1" 200 1059 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:24:31 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 371 "http://trickyriddles.com/cgi-bin/dm.cgi" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:24:33 -0500] "GET /cgi-bin/dm.cgi HTTP/1.1" 200 1059 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:24:43 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 373 "http://trickyriddles.com/cgi-bin/dm.cgi" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:24:57 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 374 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:25:02 -0500] "GET /cgi-bin/dm.cgi?m=stop HTTP/1.1" 200 1059 "http://trickyriddles.com/cgi-bin/dm.cgi" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:25:05 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 389 "http://trickyriddles.com/cgi-bin/dm.cgi?m=stop" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:25:12 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 386 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:25:19 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 413 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:25:27 -0500] "GET /cgi-bin/dm.cgi?m=log HTTP/1.1" 200 1147 "http://trickyriddles.com/cgi-bin/dm.cgi?m=stop" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:25:30 -0500] "GET /cgi-bin/dm.cgi?m=logsrc HTTP/1.1" 200 6464 "http://trickyriddles.com/cgi-bin/dm.cgi?m=log" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:25:37 -0500] "GET /cgi-bin/dm.cgi HTTP/1.1" 200 1662 "http://trickyriddles.com/cgi-bin/dm.cgi?m=log" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:25:49 -0500] "GET /cgi-bin/dm.cgi?m=snd HTTP/1.1" 200 1059 "http://trickyriddles.com/cgi-bin/dm.cgi" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:25:52 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 374 "http://trickyriddles.com/cgi-bin/dm.cgi?m=snd" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:26:00 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 374 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:26:08 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 375 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:26:16 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 372 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:26:24 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 376 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:26:31 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 378 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:26:39 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 377 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:26:46 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 377 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:26:54 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 363 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:27:04 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 378 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:27:14 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 377 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:27:21 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 376 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:27:28 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 377 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:27:36 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 377 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:27:47 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 376 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:27:55 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 365 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:28:02 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 377 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:28:09 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 379 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:28:17 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 377 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:28:30 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 365 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:28:37 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 379 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:28:44 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 377 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:28:58 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 379 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:29:05 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 380 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:32:00 -0500] "GET /cgi-bin/dm.cgi HTTP/1.1" 200 1059 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:32:04 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 380 "http://trickyriddles.com/cgi-bin/dm.cgi" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
71.7.133.220 - - [19/Jun/2006:19:32:13 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 380 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
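The log excerpt above is a timeline of someone driving the dropped script through a browser: a look at phpinfo.php first, then a bare GET of /cgi-bin/dm.cgi followed by ?m= requests (icfg, snd, stop, log, logsrc) with a stream of ?m=state polls in between. The following is an added example, not code from this thread, that does the same reconstruction from raw Apache "combined" log lines: it parses each entry, keeps only requests to the suspicious script and to chosen reconnaissance files, and builds a per-client sequence of actions with the repetitive state polls collapsed to a count. The sample log lines are constructed for the demo and only modelled on the entries quoted above (documentation-range IPs, the made-up hostname example.test); the script path is the one from the thread, and treating /phpinfo.php as a reconnaissance hit is this example's assumption.

```python
"""Rebuild what a visitor did with a dropped CGI script from Apache access logs.

Added example, not code from the original thread. Parses Apache "combined"
format lines and reconstructs, per client IP, the ordered ?m=<action> requests
to one script plus any hits on reconnaissance files.
"""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Apache "combined" format: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/\d\.\d)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SCRIPT = "/cgi-bin/dm.cgi"        # the dropped mailer's path, as seen in the thread
RECON_PATHS = {"/phpinfo.php"}    # assumption: info-disclosure pages worth flagging

UA = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
SAMPLE_LOG = "\n".join([  # constructed sample, modelled on the thread's log entries
    f'198.51.100.7 - - [19/Jun/2006:18:40:03 -0500] "GET /phpinfo.php HTTP/1.1" 200 10073 "-" "{UA}"',
    f'198.51.100.7 - - [19/Jun/2006:19:22:07 -0500] "GET /cgi-bin/dm.cgi HTTP/1.1" 200 1647 "-" "{UA}"',
    f'198.51.100.7 - - [19/Jun/2006:19:22:10 -0500] "GET /cgi-bin/dm.cgi?m=icfg HTTP/1.1" 200 411 "http://example.test/cgi-bin/dm.cgi" "{UA}"',
    f'198.51.100.7 - - [19/Jun/2006:19:24:18 -0500] "GET /cgi-bin/dm.cgi?m=snd HTTP/1.1" 200 1059 "http://example.test/cgi-bin/dm.cgi" "{UA}"',
    f'198.51.100.7 - - [19/Jun/2006:19:24:20 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 374 "http://example.test/cgi-bin/dm.cgi?m=snd" "{UA}"',
    f'198.51.100.7 - - [19/Jun/2006:19:24:31 -0500] "GET /cgi-bin/dm.cgi?m=state HTTP/1.1" 200 371 "-" "{UA}"',
    f'198.51.100.7 - - [19/Jun/2006:19:25:02 -0500] "GET /cgi-bin/dm.cgi?m=stop HTTP/1.1" 200 1059 "http://example.test/cgi-bin/dm.cgi" "{UA}"',
    f'198.51.100.7 - - [19/Jun/2006:19:25:27 -0500] "GET /cgi-bin/dm.cgi?m=log HTTP/1.1" 200 1147 "http://example.test/cgi-bin/dm.cgi?m=stop" "{UA}"',
    '203.0.113.9 - - [19/Jun/2006:19:25:40 -0500] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [19/Jun/2006:19:25:41 -0500] "GET /favicon.ico HTTP/1.1" 404 - "-" "Mozilla/5.0"',
    'this line is not a log entry',
])


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = COMBINED.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    parts = urlsplit(rec["target"])
    rec["path"], rec["query"] = parts.path, parse_qs(parts.query)
    return rec


def triage(log_text, script=SCRIPT, recon=RECON_PATHS):
    """Return (report, unparsed_count). report maps client IP to first/last seen,
    recon hits, the ordered list of non-polling actions and a count of state polls."""
    report = defaultdict(lambda: {"first_seen": None, "last_seen": None,
                                  "recon": [], "actions": [], "state_polls": 0})
    unparsed = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        if rec["path"] != script and rec["path"] not in recon:
            continue                                  # unrelated traffic
        ent = report[rec["ip"]]
        ent["first_seen"] = rec["ts"] if ent["first_seen"] is None else min(ent["first_seen"], rec["ts"])
        ent["last_seen"] = rec["ts"] if ent["last_seen"] is None else max(ent["last_seen"], rec["ts"])
        if rec["path"] in recon:
            ent["recon"].append((rec["ts"], rec["path"], rec["status"]))
            continue
        action = rec["query"].get("m", ["(index)"])[0]  # bare GET of the script = "(index)"
        if action == "state":
            ent["state_polls"] += 1                   # progress polling; collapse to a count
        else:
            ent["actions"].append((rec["ts"], action, rec["status"], rec["size"]))
    return dict(report), unparsed


if __name__ == "__main__":
    report, unparsed = triage(SAMPLE_LOG)
    for ip, ent in report.items():
        print(f"{ip}: {ent['first_seen']:%H:%M:%S} - {ent['last_seen']:%H:%M:%S}, "
              f"recon={[p for _, p, _ in ent['recon']]}, state polls={ent['state_polls']}")
        for ts, action, status, size in ent["actions"]:
            print(f"  {ts:%H:%M:%S} m={action:<8} {status} {size}B")
    print(f"{unparsed} unparsable line(s)")
```

Run it against the full access log (`triage(open(path).read())`) and you get one block per IP that touched the script; the action order and the gaps between `snd` and `stop` are what you hand to the host, and the non-script IPs drop out so the report is not buried in normal traffic.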
While it certainly was careless of that poster to respond to your 2-year-old thread, that never justifies the insult you used, which was sent out to all subscribers (obviously re-edited by you after the original posting). But such a name-calling attitude as displayed may explain why you attracted hackers...
m0rtal, thanks for your red rep. The simple fact that it's anonymous still made it signed by you; some people never change, no matter the names they use.
Sorry guys, I've been researching the anti-hacker forums about the dm.cgi file and found this topic in Google. I just noticed the post was made on Jun 19th, but not in 2008. So, I posted a response.
It's a Perl script that forks lots of children in order to spam from your server. They tried to pack it to prevent people from inspecting the code, but I ran it through the Perl debugger and extracted it. Enjoy.