First of all, i disabled all formmail in /cgi-sys/ and told all my resellers to inform their clients that formmail is no longer an option. I found tons of ips still bombing my site looking for the illusive formmail script so this is what i did. pico /etc/httpd/conf/httpd.conf Add the following entries in you http.conf #Log Formmail abusers. alias /cgi-sys/formmail.pl /usr/local/apache/htdocs/getlost.html alias /cgi-sys/Formmail.pl /usr/local/apache/htdocs/getlost.html alias /cgi-sys/FormMail.pl /usr/local/apache/htdocs/getlost.html alias /cgi-sys/formmail.cgi /usr/local/apache/htdocs/getlost.html alias /cgi-sys/Formmail.cgi /usr/local/apache/htdocs/getlost.html alias /cgi-sys/FormMail.cgi /usr/local/apache/htdocs/getlost.html Add the same entries for /cgi-bin/ as above. In my cgi-bin, I have a real formmail.php script running that will record the ip and send an automatic report the isp. So if they continue searching my system in cgi-bin they will be banned for sure and reported. Here is what those reports look like. Date / Time = 04/24/03 10:35:26 PST/PDT (GMT -0700) Abuse address listed at SpamCop.net: firstname.lastname@example.org Host = 188.8.131.52 IP Number = 184.108.40.206 Referrer = http://GAMERCHICKZ.com Request URL = www.gamerchickz.com/cgi-sys/formmail.pl ******************** But anyway continuing.... restart apache Then in /usr/local/apache/htdocs create a file called getlost.html Include the following in getlost.html. <html> <head> <title>Formmail idiots warning!</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div align="center">Thank You for reporting yourself!</div> <div align="center"> <br> </div> <center> <h2>Go away Stupid, this is not a formmail script!!</h2> </center> <div align="center"> <p><strong>But thanks anyway for reporting your self!<br> <br> <font color="#FF0000">Ip recorded!</font></strong></p> <p><strong>The next time you try that, we will report you to your isp and block your ip completely!!</strong></p> </div> </body> </html> Save, your done. Anyone who tried to load /cgi-sys/formmail from any of your user sites will get my lovely msg. OPTIONS: You could also modify the above to redirect them to any site you want. :D I have a few sites in mind. A nice f-u site would be nice. Use your imagination. You could use a redirectmatch directive to redirect them to any site you want.