From owner-freebsd-security Thu Jun 14 6:22:17 2001
From: "default013 - subscriptions"
References: <0106141510371Q.00481@xyberpix.mip.co.za>
Subject: Re: apache security question
Date: Thu, 14 Jun 2001 08:22:25 -0500
Sender: owner-freebsd-security@FreeBSD.ORG

Ohhh, I figured out what this is, this lists an error message with the
apache version number... that's what he wanted apparently. Alrighty. Just
thought I'd update, thanks again.

----- Original Message -----
From: "Neil Fryer"
To: "default013 - subscriptions" ; "default013 - subscriptions" ;
Sent: Thursday, June 14, 2001 8:09 AM
Subject: Re: apache security question

> 'ello
>
> Ok, afaik, this command could quite easily be run by telnetting into port 80 on
> your webserver, as you'll have this open anyway on your fw to allow web
> traffic, as for your other question, sorry can't help.
>
> Cheers
> Neil Fryer
> neilf@mip.co.za
>
>
>
> On Thu, 14 Jun 2001, default013 - subscriptions wrote:
> > Hello, I've been advised that someone is attempting to break into my box,
> > and I know that this person is knowledgeable so I've been watching for
> > unusual activity...
> >
> > I noticed this entry in one of my apache logfiles yesterday, and was
> > wondering if anyone could explain to me what this is:
> >
> > mydomainname.com otherguyshostname.com - - [12/Jun/2001:18:21:35 -0500]
> > "HEAD / HTTP/1.0" 200 0 "-"
> >
> > It appears to me like they somehow executed the 'head' command... how would
> > one do this, and how could you stop it?
> >
> > Thanks, Jordan
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> --
> "Against stupidity, even the Gods struggle in vain."
> - Friedrich von Schiller
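
Added example, not part of the original thread: a small Python parser for the log layout quoted above that lists clients which only ever sent HTTP HEAD requests, that is, clients reading response headers rather than browsing pages. The function names are hypothetical, and every sample line except the first (taken from the thread) is constructed.

```python
import re
from collections import Counter

# Layout of the line quoted in the thread: vhost, client host, ident, user,
# [timestamp], "request", status, bytes, "referer".
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)(?: "(?P<referer>[^"]*)")?\s*$'
)

# Constructed sample input: the first line is the entry from the thread, the
# remaining lines are invented for illustration.
SAMPLE_LOG = """\
mydomainname.com otherguyshostname.com - - [12/Jun/2001:18:21:35 -0500] "HEAD / HTTP/1.0" 200 0 "-"
mydomainname.com browser.example.net - - [12/Jun/2001:18:22:02 -0500] "GET /index.html HTTP/1.0" 200 5120 "-"
mydomainname.com browser.example.net - - [12/Jun/2001:18:22:03 -0500] "GET /logo.gif HTTP/1.0" 200 2048 "http://mydomainname.com/index.html"
mydomainname.com otherguyshostname.com - - [12/Jun/2001:18:23:10 -0500] "HEAD /nosuchpage HTTP/1.0" 404 0 "-"
this line is truncated and does not parse
"""

def parse_line(line):
    """Return a dict of fields, or None if the line is malformed."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["request"].split()
    # A well-formed request line is "METHOD path HTTP/x.y".
    rec["method"] = parts[0].upper() if parts else ""
    rec["path"] = parts[1] if len(parts) > 1 else ""
    rec["status"] = int(rec["status"])
    return rec

def header_only_clients(log_text):
    """Return ({client: HEAD count}, unparsed line count) for clients that
    sent HEAD requests and no other method."""
    heads, others, unparsed = Counter(), Counter(), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # count, rather than silently drop, bad lines
            continue
        (heads if rec["method"] == "HEAD" else others)[rec["client"]] += 1
    flagged = {c: n for c, n in heads.items() if others[c] == 0}
    return flagged, unparsed
```

Calling `header_only_clients(SAMPLE_LOG)` reports the thread's client with two HEAD requests and one unparsed line; the `"HEAD / HTTP/1.0"` field is the request line the client sent over port 80, not a command run on the server.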