Date: Tue, 6 Jan 1998 20:41:13 -0500 (EST)
From: Mike <mike@seidata.com>
To: Brian Handy <handy@sag.space.lockheed.com>
Cc: freebsd-hackers@FreeBSD.ORG
Subject: Re: HTTPD Question
Message-ID: <Pine.BSF.3.96.980106203306.29947A-100000@seidata.com>
In-Reply-To: <Pine.OSF.3.96.980106140553.25588W-100000@sag.space.lockheed.com>

On Tue, 6 Jan 1998, Brian Handy wrote:

> So, when I get something like this in my logs, what do you think it
> means?

It seems to mean someone is attempting to exploit phf on your system. One
popular phf "exploit" involves catting the password file to one's browser.
This is nothing to worry about if you don't have phf on your system (the
error messages you posted said you didn't).

Of course, the same guy that attempted to exploit phf on your system may
be trying other things as well... I would suggest either uncommenting the
lines in your access.conf file that forward these requests to
http://phf.apache.org or looking into a script that logs these instances,
tries to query for information about the attacker and mails the results to
root (just search for 'phf' on the web - there are a couple different
scripts like this out there).

---
Mike Hoskins                         Kettering University
SEI Data Network Services, Inc.      CS/CE Major Program
mike@seidata.com                     hosk0094@kettering.edu
http://www.seidata.com               http://www.kettering.edu
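
A sketch of the kind of logging script the message mentions, added here as an example and not part of the original post or any of the scripts it refers to. It assumes the server writes Apache Common Log Format; the sample log lines, addresses and query strings are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) \S+')

# Constructed sample lines (documentation-range addresses, placeholder query).
SAMPLE_LOG = """\
192.0.2.10 - - [06/Jan/1998:14:01:22 -0800] "GET /cgi-bin/phf?placeholder HTTP/1.0" 404 162
192.0.2.10 - - [06/Jan/1998:14:01:25 -0800] "GET /cgi-bin/%70hf?placeholder HTTP/1.0" 404 162
198.51.100.7 - - [06/Jan/1998:14:05:00 -0800] "GET /index.html HTTP/1.0" 200 2048
198.51.100.7 - - [06/Jan/1998:14:06:10 -0800] "GET /docs/phf-notes.html HTTP/1.0" 200 512
203.0.113.5 - - [06/Jan/1998:15:30:41 -0800] "GET /cgi-bin/PHF HTTP/1.0" 200 97
this line is not in Common Log Format
"""

def is_phf_request(request_line):
    """True if the requested path's last segment is 'phf' after decoding."""
    parts = request_line.split()
    if len(parts) < 2:
        return False
    # Drop the query string, then undo percent-encoding (%70hf -> phf).
    path = unquote(urlsplit(parts[1]).path)
    return path.rstrip("/").rsplit("/", 1)[-1].lower() == "phf"

def find_phf_probes(log_text):
    """Group phf requests by client; note whether any got a 2xx reply."""
    report = defaultdict(lambda: {"count": 0, "first_seen": None, "served": False})
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines rather than crash
        host, when, request, status = m.groups()
        if not is_phf_request(request):
            continue
        entry = report[host]
        entry["count"] += 1
        entry["first_seen"] = entry["first_seen"] or when
        # 404 means no phf on this server; 2xx means something answered.
        entry["served"] = entry["served"] or status.startswith("2")
    return dict(report)

if __name__ == "__main__":
    for host, info in find_phf_probes(SAMPLE_LOG).items():
        note = "CHECK: server answered 2xx" if info["served"] else "not served"
        print(f"{host}: {info['count']} phf request(s) since {info['first_seen']} ({note})")
```

A client whose phf requests all returned 404 matches the "nothing to worry about" case in the message; a 2xx reply means something at that path answered and the host needs a closer look.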