Date: Tue, 11 Apr 2000 16:45:20 -0700 (PDT)
From: Bigby Findrake <bigby@ephemeron.org>
To: bwoods2@uswest.net
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Weird log entry .....
Message-ID: <Pine.BSF.4.21.0004111642220.44212-100000@home.ephemeron.org>
In-Reply-To: <XFMail.000411160211.wwoods@cybcon.com>

On Tue, 11 Apr 2000, William Woods wrote:

> Came home from work and was doing a check of my server logs and ran across
> this, anyone tell me what's up here?
>
> cache-dp03.proxy.aol.com - - [11/Apr/2000:15:18:59 -0700] "GET / HTTP/1.0" 200
> 4254"http://209.185.131.251/cgi-bin/linkrd?_lang=&lah=14853ce0511667e378ad7f249b
> b39074&lat=955491465&hm___action=http%3a%2f%2f63%2e227%2e213%2e92%2f"
> "Mozilla/4.0(compatible; MSIE 5.0; AOL 5.0; Windows 98; DigExt)"
>
> What worries me is the try to execute a cgi-bin command here.

I'm not sure why they were trying to find that page on your server, but
I've seen *many* people come to my servers who've been referred from a
page that looks a lot like that. I've included one log line below.

blah:242.omaha-01-02rs.ne.dial-access.att.net - - [16/Mar/2000:18:53:45 +0000] "GET /~christy/ HTTP/1.1" 200 588 "
http://216.33.236.250/cgi-bin/linkrd?_lang=&lah=d11f5445fcce05360957baed6934bce3&lat=953261532&hm___action=http%3a
%2f%2fhome%2eephemeron%2eorg%2f%7echristy" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98; AT&T WNS5.0)"

Based on what I know, I'd say don't worry unless you see tons of people
trying to hit up such pages. In that case, I'd say turn on the referrers
so that you can see who's directing people to that page on your server and
contact that admin.

/-------------------------------------------------------------------------/
 "What reason weaves, by passion is undone."
 -- Alexander Pope

 finger bigby@ephemeron.org for my pgpkey
 or http://home.ephemeron.org/~bigby/pgp_key.txt
 e-mail bigby@pager.ephemeron.org to page me
/-------------------------------------------------------------------------/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
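
Added example, not part of the original message: a Python parser for the Combined Log Format that separates what each client requested from the Referer it sent, and decodes the hm___action parameter, using the two log lines quoted in this thread. The function names are hypothetical, and the e-mail line wraps inside the log lines are assumed to be rejoined without the wrap whitespace.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)\s*"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"\s*$'
)

def parse_line(line):
    """Split one log line into fields; returns None if it is not combined format."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["request"].split()
    rec["path"] = parts[1] if len(parts) >= 2 else ""  # what the client asked this server for
    ref = urlsplit(rec["referer"].strip())
    rec["referer_host"] = ref.hostname or ""            # where the client says it came from
    rec["referer_path"] = ref.path
    # parse_qs percent-decodes values, so hm___action becomes a readable URL
    rec["referer_params"] = {k: v[0] for k, v in parse_qs(ref.query).items()}
    return rec

def requested_cgi(rec):
    """True only if the request itself (not the Referer header) targets /cgi-bin/."""
    return rec["path"].startswith("/cgi-bin/")

def top_referers(lines):
    """Count referring (host, path) pairs to see who is sending visitors."""
    recs = filter(None, map(parse_line, lines))
    return Counter((r["referer_host"], r["referer_path"]) for r in recs if r["referer_host"])

# The two log lines quoted in this thread, e-mail line wraps rejoined (assumption).
SAMPLE = [
    'cache-dp03.proxy.aol.com - - [11/Apr/2000:15:18:59 -0700] "GET / HTTP/1.0" 200 4254 '
    '"http://209.185.131.251/cgi-bin/linkrd?_lang=&lah=14853ce0511667e378ad7f249bb39074'
    '&lat=955491465&hm___action=http%3a%2f%2f63%2e227%2e213%2e92%2f" '
    '"Mozilla/4.0(compatible; MSIE 5.0; AOL 5.0; Windows 98; DigExt)"',
    'blah:242.omaha-01-02rs.ne.dial-access.att.net - - [16/Mar/2000:18:53:45 +0000] '
    '"GET /~christy/ HTTP/1.1" 200 588 "http://216.33.236.250/cgi-bin/linkrd?_lang='
    '&lah=d11f5445fcce05360957baed6934bce3&lat=953261532'
    '&hm___action=http%3a%2f%2fhome%2eephemeron%2eorg%2f%7echristy" '
    '"Mozilla/4.0 (compatible; MSIE 4.01; Windows 98; AT&T WNS5.0)"',
]

if __name__ == "__main__":
    for rec in map(parse_line, SAMPLE):
        print(rec["path"], requested_cgi(rec), rec["referer_params"].get("hm___action"))
```

In both lines the /cgi-bin/linkrd URL sits in the Referer field, while the requests themselves are for / and /~christy/, each answered with status 200.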