From owner-freebsd-security Sun Sep 20 15:31:22 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA23229 for freebsd-security-outgoing; Sun, 20 Sep 1998 15:31:22 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from java.dpcsys.com (java.dpcsys.com [206.16.184.7]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA23201 for ; Sun, 20 Sep 1998 15:31:16 -0700 (PDT) (envelope-from dan@dpcsys.com) Received: from localhost (dan@localhost) by java.dpcsys.com (8.8.7/8.8.2) with SMTP id PAA05154; Sun, 20 Sep 1998 15:31:26 -0700 (PDT) Date: Sun, 20 Sep 1998 15:31:26 -0700 (PDT) From: Dan Busarow To: Brett Glass cc: security@FreeBSD.ORG Subject: Re: Bogus hits on our Web server In-Reply-To: <199809202128.PAA11447@lariat.lariat.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 20 Sep 1998, Brett Glass wrote: > 38.11.110.182 root - [20/Sep/1998:13:37:16 -0600] "GET /cgi-bin/phf" 404 - > 38.11.110.182 root - [20/Sep/1998:13:37:19 -0600] "GET /cgi-bin/test-cgi" > 404 - > 38.11.110.182 root - [20/Sep/1998:13:37:22 -0600] "GET /cgi-bin/handler" 404 - > > Is this a mass attack by a bunch of "skript kiddies?" What's going on? Yep. Add the directives suggested in access.conf to send them to a "your busted" page. Dan -- Dan Busarow 949 443 4172 Dana Point Communications, a California corporation dan@dpcsys.com Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message