Date:      Thu, 14 Jun 2001 17:05:58 +0300
From:      Peter Pentchev <roam@orbitel.bg>
To:        default013 - subscriptions <default013subscriptions@hotmail.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: apache security question
Message-ID:  <20010614170558.C3508@ringworld.oblivion.bg>
In-Reply-To: <OE44ezf9CIElR3n4DVv00010e9b@hotmail.com>; from default013subscriptions@hotmail.com on Thu, Jun 14, 2001 at 08:08:36AM -0500
References:  <OE44ezf9CIElR3n4DVv00010e9b@hotmail.com>

On Thu, Jun 14, 2001 at 08:08:36AM -0500, default013 - subscriptions wrote:
> Hello, I've been advised that someone is attempting to break into my box,
> and I know that this person is knowledgeable so I've been watching for
> unusual activity...
> 
> I noticed this entry in one of my apache logfiles yesterday, and was
> wondering if anyone could explain to me what this is:
> 
> mydomainname.com otherguyshostname.com - - [12/Jun/2001:18:21:35 -0500]
> "HEAD / HTTP/1.0" 200 0 "-"
> 
> It appears to me like they somehow executed the 'head' command... how would
> one do this, and how could you stop it?

They did not execute the head(1) command that you would execute if you
typed 'head /etc/motd' on your shell prompt; they made an HTTP HEAD
request, the point of which is to get the headers you would get on a GET
request, without the page itself - this is handy for browsers that want
to check if a particular page has changed.

But yes, as discussed in the thread, the goal was probably to check
your Apache's version.

G'luck,
Peter

-- 
This sentence contains exactly threee erors.
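
A log-triage sketch for the kind of entry quoted above, added here as an example and not part of the original message: it parses lines in that layout (virtual host first, then remote host) and reports HEAD requests per client. The sample lines, hostnames and function names are constructed for illustration, and treating a referer-less `HEAD /` as a likely version check is a heuristic assumption.

```python
import re
from collections import Counter

# Constructed sample lines in the layout quoted in the message:
# vhost, remote host, ident, user, [time], "request", status, bytes, "referer".
SAMPLE_LOG = """\
www.example.org scanner.example.net - - [12/Jun/2001:18:21:35 -0500] "HEAD / HTTP/1.0" 200 0 "-"
www.example.org client1.example.com - - [12/Jun/2001:18:22:02 -0500] "GET /index.html HTTP/1.0" 200 5120 "-"
www.example.org scanner.example.net - - [12/Jun/2001:18:22:10 -0500] "HEAD /cgi-bin/ HTTP/1.0" 403 0 "-"
www.example.org proxy.example.com - - [12/Jun/2001:18:25:41 -0500] "HEAD /news.html HTTP/1.0" 200 0 "http://www.example.org/"
this line is truncated and must not crash the parser
"""

LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)(?: "(?P<referer>[^"]*)")?'
)

def head_requests(log_text):
    """Return (parsed HEAD entries, count of lines that did not parse)."""
    entries, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1
        elif m["method"] == "HEAD":
            entries.append(m.groupdict())
    return entries, skipped

def summarize(log_text):
    """Per-client HEAD counts, referer-less HEAD / entries, skipped lines."""
    entries, skipped = head_requests(log_text)
    per_client = Counter(e["client"] for e in entries)
    # Heuristic (assumption): a HEAD for "/" with no referer asks only for
    # the response headers, which include the Server version string.
    bare = [e for e in entries
            if e["path"] == "/" and e["referer"] in (None, "-")]
    return per_client, bare, skipped

if __name__ == "__main__":
    per_client, bare, skipped = summarize(SAMPLE_LOG)
    for client, count in per_client.most_common():
        print(f"{client}: {count} HEAD request(s)")
    for e in bare:
        print(f"header-only request for / from {e['client']} at {e['time']}")
    print(f"unparseable lines: {skipped}")
```
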
