From: Neil Fryer
Organization: MIP Holdings
To: "default013 - subscriptions"
Subject: Re: apache security question
Date: Thu, 14 Jun 2001 15:09:24 +0200
Message-Id: <0106141510371Q.00481@xyberpix.mip.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG

'ello

Ok, afaik, this command could quite easily be run by telnetting into port 80 on
your webserver, as you'll have this open anyway on your fw to allow web
traffic, as for your other question, sorry can't help.

Cheers

Neil Fryer
neilf@mip.co.za

On Thu, 14 Jun 2001, default013 - subscriptions wrote:

> Hello, I've been advised that someone is attempting to break into my box,
> and I know that this person is knowledgeable so I've been watching for
> unusual activity...
>
> I noticed this entry in one of my apache logfiles yesterday, and was
> wondering if anyone could explain to me what this is:
>
> mydomainname.com otherguyshostname.com - - [12/Jun/2001:18:21:35 -0500]
> "HEAD / HTTP/1.0" 200 0 "-"
>
> It appears to me like they somehow executed the 'head' command... how would
> one do this, and how could you stop it?
>
> Thanks, Jordan

--
"Against stupidity, even the Gods struggle in vain."
- Friedrich von Schiller

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
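
An added example, not part of either message above: the quoted field in the log entry is the HTTP request line, and HEAD is an HTTP method that asks for response headers only, which is why the entry shows status 200 with 0 bytes. The field order is assumed from the single quoted entry; `parse_entry`, `methods_by_client` and all sample lines after the first are constructed for illustration.

```python
import re
from collections import Counter

# Layout assumed from the entry quoted in the question: vhost, client host,
# identd, user, [timestamp], "request line", status, bytes, "referer".
LOG_RE = re.compile(
    r'(?P<vhost>\S+) (?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)(?: "(?P<referer>[^"]*)")?'
)

def parse_entry(line):
    """Split one access-log line into fields; return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    # The quoted field is the HTTP request line: METHOD, path, protocol version.
    parts = entry["request"].split()
    entry["method"] = parts[0] if parts else ""
    entry["path"] = parts[1] if len(parts) > 1 else ""
    entry["protocol"] = parts[2] if len(parts) > 2 else ""
    entry["size"] = 0 if entry["size"] == "-" else int(entry["size"])
    return entry

def methods_by_client(lines):
    """Count request methods per client host, skipping unparseable lines."""
    counts = {}
    for line in lines:
        e = parse_entry(line)
        if e is not None:
            counts.setdefault(e["client"], Counter())[e["method"]] += 1
    return counts

# First line is the entry from the question; the others are constructed samples.
SAMPLE = [
    'mydomainname.com otherguyshostname.com - - [12/Jun/2001:18:21:35 -0500] "HEAD / HTTP/1.0" 200 0 "-"',
    'mydomainname.com client.example - - [12/Jun/2001:18:22:01 -0500] "GET /index.html HTTP/1.0" 200 1043 "-"',
    'mydomainname.com otherguyshostname.com - - [12/Jun/2001:18:23:10 -0500] "HEAD /missing.html HTTP/1.0" 404 0 "-"',
]

if __name__ == "__main__":
    for client, methods in methods_by_client(SAMPLE).items():
        print(client, dict(methods))
```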