From owner-freebsd-security Thu Jun 14 6:20:15 2001 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (oe20.law12.hotmail.com [64.4.18.124]) by hub.freebsd.org (Postfix) with ESMTP id 1B8E037B403 for ; Thu, 14 Jun 2001 06:20:08 -0700 (PDT) (envelope-from default013subscriptions@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 14 Jun 2001 06:20:08 -0700 X-Originating-IP: [24.14.93.185] Reply-To: "default013 - subscriptions" From: "default013 - subscriptions" To: Cc: "Neil Fryer" References: <0106141510371Q.00481@xyberpix.mip.co.za> Subject: Re: apache security question Date: Thu, 14 Jun 2001 08:20:33 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Message-ID: X-OriginalArrivalTime: 14 Jun 2001 13:20:08.0027 (UTC) FILETIME=[BB6052B0:01C0F4D4] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Neil, Thanks all, :) I attempted this in telnet and got a 'method not supported' message. ... I'm just being extra careful lately because I know that this guy is tryin to do things to my box... whatever this was, it didnt work so... thanks ----- Original Message ----- From: "Neil Fryer" To: "default013 - subscriptions" ; "default013 - subscriptions" ; Sent: Thursday, June 14, 2001 8:09 AM Subject: Re: apache security question > 'ello > > Ok, afaik, this command could quite easily be run by telnetting into port 80 on > your webserver, as you'll have this open anyway on your fw to allow web > traffic, as for your other question, sorry can't help. > > Cheers > Neil Fryer > neilf@mip.co.za > > > > On Thu, 14 Jun 2001, default013 - subscriptions wrote: > > Hello, I've been advised that someone is attempting to break into my box, > > and I know that this person is knowledgeable so I've been watching for > > unusual activity... > > > > I noticed this entry in one of my apache logfiles yesterday, and was > > wondering if anyone could explain to me what this is: > > > > mydomainname.com otherguyshostname.com - - [12/Jun/2001:18:21:35 -0500] > > "HEAD / HTTP/1.0" 200 0 "-" > > > > It appears to me like they somehow executed the 'head' command... how would > > one do this, and how could you stop it? > > > > Thanks, Jordan > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > -- > "Against stupidity, even the Gods struggle in vain." > - Friedrich von Schiller > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message