Date:      Tue, 11 Apr 2000 16:52:44 -0700
From:      Ian Kallen <spidaman@salon.com>
To:        Bigby Findrake <bigby@ephemeron.org>
Cc:        bwoods2@uswest.net, freebsd-security@FreeBSD.ORG
Subject:   Re: Weird log entry .....
Message-ID:  <38F3BACC.7DEAE133@salon.com>
References:  <Pine.BSF.4.21.0004111642220.44212-100000@home.ephemeron.org>

This isn't a FreeBSD security issue and you both should learn how to
read common log format: those "cgi requests" you're fretting over _are_
referers.  The requests of your servers look like vanilla status 200
HTTP requests for non-CGI URLs, so get on with life and close out this
topic: it's a non-issue.

Bigby Findrake wrote:
> 
> On Tue, 11 Apr 2000, William Woods wrote:
> 
> > Came home from work and was doing a check of my server logs and ran across
> > this, anyone tell me what's up here?
> >
> > cache-dp03.proxy.aol.com - - [11/Apr/2000:15:18:59 -0700] "GET / HTTP/1.0" 200
> > 4254"http://209.185.131.251/cgi-bin/linkrd?_lang=&lah=14853ce0511667e378ad7f249b
> > b39074&lat=955491465&hm___action=http%3a%2f%2f63%2e227%2e213%2e92%2f"
> > "Mozilla/4.0(compatible; MSIE 5.0; AOL 5.0; Windows 98; DigExt)"
> >
> > What worries me is the try to execute a cgi-bin command here.
> 
> I'm not sure why they were trying to find that page on your server, but
> I've seen *many* people come to my servers who've been referred from a
> page that looks a lot like that.  I've included one log line below.
> 
> blah:242.omaha-01-02rs.ne.dial-access.att.net - - [16/Mar/2000:18:53:45
> +0000] "GET /~christy/ HTTP/1.1" 200 588 "
> http://216.33.236.250/cgi-bin/linkrd?_lang=&lah=d11f5445fcce05360957baed6934bce3&lat=953261532&hm___action=http%3a
> %2f%2fhome%2eephemeron%2eorg%2f%7echristy" "Mozilla/4.0 (compatible; MSIE
> 4.01; Windows 98; AT&T WNS5.0)"
> 
> Based on what I know, I'd say don't worry unless you see tons of people
> trying to hit up such pages.  In that case, I'd say turn on the referrers
> so that you can see who's directing people to that page on your server and
> contact that admin.
> 
> /-------------------------------------------------------------------------/
> "What reason weaves, by passion is undone."  -- Alexander Pope
> 
>                 finger bigby@ephemeron.org for my pgpkey or
>                 http://home.ephemeron.org/~bigby/pgp_key.txt
>                e-mail bigby@pager.ephemeron.org to page me
> /-------------------------------------------------------------------------/
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Salon Internet 				http://www.salon.com/
  Manager, Software and Systems "Livin' La Vida Unix!"
Ian Kallen <idk@salon.com> / AIM: iankallen / Fax: (415) 354-3326
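
The distinction made in the reply above (request field versus referer field of a combined-format log line), as an added example that is not part of the original message: a small parser that reports which field actually contains `/cgi-bin/`. The function names are hypothetical and the sample lines are constructed with documentation addresses; the first one reproduces the missing space before the referer seen in the quoted log entry.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format:
#   host ident user [time] "request" status bytes "referer" "user-agent"
# \s* before the referer tolerates a missing space after the byte count.
COMBINED = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)\s*'
    r'"\s*(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def parse_line(line):
    """Split one combined-format line into named fields, or return None."""
    m = COMBINED.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["request"].split()
    rec["method"] = parts[0] if parts else ""
    rec["path"] = parts[1] if len(parts) > 1 else ""
    return rec

def cgi_location(rec, needle="/cgi-bin/"):
    """Report which field carries the needle: 'request', 'referer' or None."""
    if needle in rec["path"]:
        return "request"      # the client asked this server for a CGI URL
    if needle in urlsplit(rec["referer"]).path:
        return "referer"      # the CGI URL lives on the referring site
    return None

def referer_target(rec, param="hm___action"):
    """Decode the URL the referring redirector pointed at, if present."""
    values = parse_qs(urlsplit(rec["referer"]).query).get(param)
    return values[0] if values else None

# Constructed sample lines (not from the thread's servers).
SAMPLES = [
    'proxy.example.net - - [11/Apr/2000:15:18:59 -0700] "GET / HTTP/1.0" 200 4254'
    '"http://192.0.2.10/cgi-bin/linkrd?_lang=&lat=955491465'
    '&hm___action=http%3a%2f%2f198%2e51%2e100%2e7%2f" '
    '"Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"',
    'client.example.org - - [11/Apr/2000:15:20:01 -0700] '
    '"GET /cgi-bin/example.cgi HTTP/1.0" 404 210 "-" "Mozilla/4.0 (compatible)"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        rec = parse_line(line)
        print(rec["host"], rec["path"], rec["status"],
              cgi_location(rec), referer_target(rec))
```

Only the second sample is a request for a CGI path on the logging server; the first is a plain `GET /` whose referer happens to be a CGI redirector on another host.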

