From owner-freebsd-hackers Tue Jan 6 14:56:32 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.7/8.8.7) id OAA03690 for hackers-outgoing; Tue, 6 Jan 1998 14:56:32 -0800 (PST) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id OAA03241 for ; Tue, 6 Jan 1998 14:50:46 -0800 (PST) (envelope-from roberto@keltia.freenix.fr) Received: (from uucp@localhost) by frmug.org (8.8.8/frmug-2.2/nospam) with UUCP id XAA07587; Tue, 6 Jan 1998 23:50:05 +0100 (CET) (envelope-from roberto@keltia.freenix.fr) Received: (from roberto@localhost) by keltia.freenix.fr (8.8.8/keltia-2.13/nospam) id XAA19616; Tue, 6 Jan 1998 23:49:53 +0100 (CET) (envelope-from roberto) Message-ID: <19980106234952.37736@keltia.freenix.fr> Date: Tue, 6 Jan 1998 23:49:52 +0100 From: Ollivier Robert To: freebsd-hackers@FreeBSD.ORG Cc: Brian Handy Subject: Re: HTTPD Question References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.88 In-Reply-To: ; from Brian Handy on Tue, Jan 06, 1998 at 02:08:11PM -0800 X-Operating-System: FreeBSD 3.0-CURRENT ctm#3960 AMD-K6 MMX @ 208 MHz Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk According to Brian Handy: > So, when I get something like this in my logs, what do you think it means? > > ahab.rutgers.edu - - [06/Jan/1998:10:33:18 -0800] "GET > /cgi-bin/phf?Jserver=x%0auname%20-a%0aid%0aecho%20lamer%0a&Qname=x > HTTP/1.0" 404 164 Someone tries to probe your WWW server for the phf CGI script which, in old versions of Apache, would give you access the any file the server can access. There have been a CERT advisatory about this. You may want to report the attack to them if you have enough log. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #27: Tue Jan 6 22:25:44 CET 1998