Date: Mon, 21 Sep 1998 09:58:16 -0600 (MDT) From: Brett Taylor <brett@peloton.physics.montana.edu> To: Brett Glass <brett@lariat.org> Cc: security@FreeBSD.ORG Subject: Re: Bogus hits on our Web server Message-ID: <Pine.BSF.4.02A.9809210956300.14517-100000@peloton.physics.montana.edu> In-Reply-To: <199809202128.PAA11447@lariat.lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Sun, 20 Sep 1998, Brett Glass wrote: > We've gotten several spates of Web log entries like the following: > > 62.8.15.131 unknown - [20/Sep/1998:10:43:16 -0600] "GET /cgi-bin/phf" 404 - > 62.8.15.131 unknown - [20/Sep/1998:10:43:17 -0600] "GET /cgi-bin/test-cgi" > 404 - > 62.8.15.131 unknown - [20/Sep/1998:10:43:18 -0600] "GET /cgi-bin/handler" > 404 - from /usr/local/etc/apache/access.conf-dist: # There have been reports of people trying to abuse an old bug from # pre-1.1 days. This bug involved a CGI script distributed as a part of # Apache. By uncommenting these lines you can redirect these attacks to a # logging script on phf.apache.org. Or, you can record them yourself, # using the script support/phf_abuse_log.cgi. #<Location /cgi-bin/phf*> #deny from all #ErrorDocument 403 http://phf.apache.org/phf_abuse_log.cgi #</Location> Basically someone's trying to see if you have some old known-to-be-bad cgi scripts laying around. Brett ****************************************************************** Brett Taylor brett@peloton.physics.montana.edu http://peloton.physics.montana.edu/brett/ "There is something uncanny in the noiseless rush of the cyclist, as he comes into view, passes by, and disappears." - Popular Science, 1891 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9809210956300.14517-100000>