Date: Thu, 14 Jun 2001 21:34:09 +0300 From: Yonatan Bokovza <Yonatan@xpert.com> To: "'freebsd-security@freebsd.org'" <freebsd-security@freebsd.org> Subject: RE: apache security question Message-ID: <EB513E68D3F5D41191CA00025558810150D448@mailserv.xpert.com>
next in thread | raw e-mail | index | archive | help
and if you'r totaly paranoid and this is the only instance you saw "HEAD /" in the logs, you might consider filtering this IP in your firewall. You do have a firewall, right? > -----Original Message----- > From: default013 - subscriptions > [mailto:default013subscriptions@hotmail.com] > Sent: Thursday, June 14, 2001 16:21 > To: freebsd-security@FreeBSD.ORG > Cc: Neil Fryer > Subject: Re: apache security question > > > Neil, > > Thanks all, :) > > I attempted this in telnet and got a 'method not supported' > message. ... I'm > just being extra careful lately because I know that this guy > is tryin to do > things to my box... whatever this was, it didnt work so... thanks > > ----- Original Message ----- > From: "Neil Fryer" <neilf@mip.co.za> > To: "default013 - subscriptions" > <default013subscriptions@hotmail.com>; > "default013 - subscriptions" <default013subscriptions@hotmail.com>; > <freebsd-security@FreeBSD.ORG> > Sent: Thursday, June 14, 2001 8:09 AM > Subject: Re: apache security question > > > > 'ello > > > > Ok, afaik, this command could quite easily be run by > telnetting into port > 80 on > > your webserver, as you'll have this open anyway on your fw > to allow web > > traffic, as for your other question, sorry can't help. > > > > Cheers > > Neil Fryer > > neilf@mip.co.za > > > > > > > > On Thu, 14 Jun 2001, default013 - subscriptions wrote: > > > Hello, I've been advised that someone is attempting to > break into my > box, > > > and I know that this person is knowledgeable so I've been > watching for > > > unusual activity... > > > > > > I noticed this entry in one of my apache logfiles > yesterday, and was > > > wondering if anyone could explain to me what this is: > > > > > > mydomainname.com otherguyshostname.com - - > [12/Jun/2001:18:21:35 -0500] > > > "HEAD / HTTP/1.0" 200 0 "-" > > > > > > It appears to me like they somehow executed the 'head' > command... how > would > > > one do this, and how could you stop it? > > > > > > Thanks, Jordan > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > -- > > "Against stupidity, even the Gods struggle in vain." > > - Friedrich von Schiller > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?EB513E68D3F5D41191CA00025558810150D448>