Date: Tue, 6 Jan 1998 23:49:52 +0100 From: Ollivier Robert <roberto@keltia.freenix.fr> To: freebsd-hackers@FreeBSD.ORG Cc: Brian Handy <handy@sag.space.lockheed.com> Subject: Re: HTTPD Question Message-ID: <19980106234952.37736@keltia.freenix.fr> In-Reply-To: <Pine.OSF.3.96.980106140553.25588W-100000@sag.space.lockheed.com>; from Brian Handy on Tue, Jan 06, 1998 at 02:08:11PM -0800 References: <Pine.OSF.3.96.980106140553.25588W-100000@sag.space.lockheed.com>
next in thread | previous in thread | raw e-mail | index | archive | help
According to Brian Handy: > So, when I get something like this in my logs, what do you think it means? > > ahab.rutgers.edu - - [06/Jan/1998:10:33:18 -0800] "GET > /cgi-bin/phf?Jserver=x%0auname%20-a%0aid%0aecho%20lamer%0a&Qname=x > HTTP/1.0" 404 164 Someone tries to probe your WWW server for the phf CGI script which, in old versions of Apache, would give you access the any file the server can access. There have been a CERT advisatory about this. You may want to report the attack to them if you have enough log. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #27: Tue Jan 6 22:25:44 CET 1998
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980106234952.37736>