While looking at my website stats today I found that in the error codes, there were a lot of people trying the following files:
formmail.cgi
formmail.pl
sendmail.cgi
mailform.cgi
contact.cgi

and so on... so I asked a friend of mine, a hacker guru, why people should look for such files and he answered that they're the preferred "keyhole" to hack sites!!! :eek:

I am so glad that I made my own forms and contact in php... they can hack my site anyway, but at least it should be a bit more difficult ;)

I am so glad that I made my own forms and contact in php... they can hack my site anyway, but at least it should be a bit more difficult ;)
It's unlikely. Most of these so-called crackers (not hackers) are script kiddies without any real knowledge of what they are doing - they just do automated attacks on known vulnerabilities using scripts written by someone else (hence the term "script kiddies"). I seriously doubt they had the ability to attack a "custom" site if they wanted to.

I get a burst of those once every few days on my portfolio page, too. Since I don't do much there other than show off my stuff, there isn't anything they can hack into.

Older versions of formmail had a huge hole you could exploit and send spam through. The newer version is all buttoned up. I am assuming they are looking for the older versions to exploit.

Most of these scripts are ones provided by CPanel, even though they should get rid of them already. The scripts are outdated, full of vulnerabilities, and very lacking compared to many perfectly good free PHP scripts on the net. Luckily they are easy to disable server-wide but many hosts leave them on :mad: