From owner-freebsd-security Mon Sep 21 09:00:09 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA03340 for freebsd-security-outgoing; Mon, 21 Sep 1998 09:00:09 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from peloton.physics.montana.edu (peloton.physics.montana.edu [153.90.192.177]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA03188 for ; Mon, 21 Sep 1998 09:00:01 -0700 (PDT) (envelope-from brett@peloton.physics.montana.edu)
Received: from localhost (brett@localhost) by peloton.physics.montana.edu (8.8.8/8.8.7) with SMTP id JAA14689; Mon, 21 Sep 1998 09:58:16 -0600 (MDT) (envelope-from brett@peloton.physics.montana.edu)
Date: Mon, 21 Sep 1998 09:58:16 -0600 (MDT)
From: Brett Taylor
To: Brett Glass
cc: security@FreeBSD.ORG
Subject: Re: Bogus hits on our Web server
In-Reply-To: <199809202128.PAA11447@lariat.lariat.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

On Sun, 20 Sep 1998, Brett Glass wrote:

> We've gotten several spates of Web log entries like the following:
>
> 62.8.15.131 unknown - [20/Sep/1998:10:43:16 -0600] "GET /cgi-bin/phf" 404 -
> 62.8.15.131 unknown - [20/Sep/1998:10:43:17 -0600] "GET /cgi-bin/test-cgi"
> 404 -
> 62.8.15.131 unknown - [20/Sep/1998:10:43:18 -0600] "GET /cgi-bin/handler"
> 404 -

from /usr/local/etc/apache/access.conf-dist:

# There have been reports of people trying to abuse an old bug from
# pre-1.1 days. This bug involved a CGI script distributed as a part of
# Apache. By uncommenting these lines you can redirect these attacks to a
# logging script on phf.apache.org. Or, you can record them yourself,
# using the script support/phf_abuse_log.cgi.
#
#deny from all
#ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi
#

Basically someone's trying to see if you have some old known-to-be-bad cgi
scripts laying around.

Brett
******************************************************************
Brett Taylor
brett@peloton.physics.montana.edu
http://peloton.physics.montana.edu/brett/

"There is something uncanny in the noiseless rush of the cyclist, as he
comes into view, passes by, and disappears." - Popular Science, 1891
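
Added example, not part of the original message and not code from Apache or FreeBSD: one way to pick this kind of sweep out of an access log in the format quoted above is to flag any client that requests several distinct missing /cgi-bin/ scripts within a short window. The function names, the threshold of three paths and the 60-second window are assumptions, and the last two sample lines are constructed for contrast.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the first three lines follow the entries quoted in the
# message; the last two (ordinary traffic) are invented for contrast.
SAMPLE_LOG = '''\
62.8.15.131 unknown - [20/Sep/1998:10:43:16 -0600] "GET /cgi-bin/phf" 404 -
62.8.15.131 unknown - [20/Sep/1998:10:43:17 -0600] "GET /cgi-bin/test-cgi" 404 -
62.8.15.131 unknown - [20/Sep/1998:10:43:18 -0600] "GET /cgi-bin/handler" 404 -
192.0.2.10 unknown - [20/Sep/1998:10:50:02 -0600] "GET /index.html HTTP/1.0" 200 1043
192.0.2.10 unknown - [20/Sep/1998:11:20:40 -0600] "GET /cgi-bin/search" 404 -
'''

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>[^\s"]+)[^"]*" (?P<status>\d{3}) \S+$')

def parse(line):
    """Return (client, timestamp, path, status), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return m['client'], ts, m['path'], int(m['status'])

def find_cgi_probes(lines, min_paths=3, window=timedelta(seconds=60)):
    """Return {client: sorted paths} for clients that asked for at least
    min_paths distinct nonexistent /cgi-bin/ scripts within `window`."""
    misses = defaultdict(list)
    for client, ts, path, status in filter(None, map(parse, lines)):
        if status == 404 and path.startswith('/cgi-bin/'):
            misses[client].append((ts, path))
    flagged = {}
    for client, hits in misses.items():
        hits.sort()
        # Slide a window forward from each miss and count distinct paths in it.
        for i, (start, _) in enumerate(hits):
            paths = {p for t, p in hits[i:] if t - start <= window}
            if len(paths) >= min_paths:
                flagged[client] = sorted(paths)
                break
    return flagged

if __name__ == '__main__':
    for client, paths in find_cgi_probes(SAMPLE_LOG.splitlines()).items():
        print(client, 'probed', ', '.join(paths))
```

A single 404 on a /cgi-bin/ path, like the constructed 192.0.2.10 entry, stays below the threshold and is not reported.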