From owner-freebsd-security Sun Sep 20 15:57:05 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA28449 for freebsd-security-outgoing; Sun, 20 Sep 1998 15:57:05 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from cs1.cityscope.net (cs1.cityscope.net [206.222.183.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA28384 for ; Sun, 20 Sep 1998 15:56:43 -0700 (PDT) (envelope-from bahwi@technologist.com) Received: from cs1 (pm2-86.cityscope.net [209.16.48.86]) by cs1.cityscope.net (8.9.0/8.9.0) with SMTP id SAA00900; Sun, 20 Sep 1998 18:08:38 -0500 (CDT) Message-Id: <199809202308.SAA00900@cs1.cityscope.net> From: "Bahwi Malistyr" Organization: http://www.cityscope.net/~bahwi/home.html To: Brett Glass Date: Sun, 20 Sep 1998 17:55:56 -0500 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: Bogus hits on our Web server Reply-to: bahwi@technologist.com CC: security@FreeBSD.ORG In-reply-to: <199809202128.PAA11447@lariat.lariat.org> X-mailer: Pegasus Mail for Win32 (v3.01b) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Is this a mass attack by a bunch of "skript kiddies?" What's going on? I wouldn't say a mass attack unless there are a lot more people than you let on, but script kiddies is the right word. the phf file is an exploit from way back if I recall correctly, at least a few years ago. I haven't seen anything with the test-cgi but yes, they are script kiddies after root on your machine, report it to the root of their ISP or the root of their machines -1 on the traceroute if it becomes too much of a problem, and if you think it is necessary. If this didn't help that much, sorry, if it did, good, if you still have questions, go ahead and ask. -bahwi http://www.cityscope.net/~bahwi/home.html bahwi@technologist.com bahwi@yahoo.com UIN: 3329836 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message