From: Yonatan Bokovza
To: "'freebsd-security@freebsd.org'"
Subject: RE: apache security question
Date: Thu, 14 Jun 2001 21:34:09 +0300

And if you're totally paranoid and this is the only instance you saw
"HEAD /" in the logs, you might consider filtering this IP in your
firewall. You do have a firewall, right?

> -----Original Message-----
> From: default013 - subscriptions [mailto:default013subscriptions@hotmail.com]
> Sent: Thursday, June 14, 2001 16:21
> To: freebsd-security@FreeBSD.ORG
> Cc: Neil Fryer
> Subject: Re: apache security question
>
> Neil,
>
> Thanks all, :)
>
> I attempted this in telnet and got a 'method not supported' message. ... I'm
> just being extra careful lately because I know that this guy is trying to do
> things to my box... whatever this was, it didn't work so... thanks
>
> ----- Original Message -----
> From: "Neil Fryer"
> To: "default013 - subscriptions"; "default013 - subscriptions";
> Sent: Thursday, June 14, 2001 8:09 AM
> Subject: Re: apache security question
>
> > 'ello
> >
> > Ok, afaik, this command could quite easily be run by telnetting into port 80 on
> > your webserver, as you'll have this open anyway on your fw to allow web
> > traffic, as for your other question, sorry can't help.
> >
> > Cheers
> > Neil Fryer
> > neilf@mip.co.za
> >
> > On Thu, 14 Jun 2001, default013 - subscriptions wrote:
> > > Hello, I've been advised that someone is attempting to break into my box,
> > > and I know that this person is knowledgeable so I've been watching for
> > > unusual activity...
> > >
> > > I noticed this entry in one of my apache logfiles yesterday, and was
> > > wondering if anyone could explain to me what this is:
> > >
> > > mydomainname.com otherguyshostname.com - - [12/Jun/2001:18:21:35 -0500] "HEAD / HTTP/1.0" 200 0 "-"
> > >
> > > It appears to me like they somehow executed the 'head' command... how would
> > > one do this, and how could you stop it?
> > >
> > > Thanks, Jordan
> >
> > --
> > "Against stupidity, even the Gods struggle in vain."
> > - Friedrich von Schiller

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
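
Added example, not part of the original thread: the entry quoted above records an HTTP HEAD request, which asks the server for the response headers of a page without the body, and is unrelated to the Unix `head` command. The Python sketch below parses lines in that format and tallies request methods per client, so a single `HEAD /` can be read in context; the field layout is assumed from the one quoted entry, and the second and third sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Field layout assumed from the one entry quoted in the thread:
# vhost client ident user [timestamp] "request line" status bytes ...
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# Request methods defined by HTTP/1.0 and HTTP/1.1.
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}

def parse_line(line):
    """Return the parsed fields as a dict, or None if the layout does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    parts = rec["request"].split()
    rec["method"] = parts[0] if parts else ""
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def summarize(lines):
    """Count methods per client; collect unparsed lines and unknown methods."""
    per_client, notes = defaultdict(Counter), []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            notes.append(("unparsed", line))
            continue
        per_client[rec["client"]][rec["method"]] += 1
        if rec["method"] not in KNOWN_METHODS:
            notes.append(("unknown-method", line))
    return per_client, notes

def head_only_clients(per_client):
    """Clients whose every logged request was HEAD (header-only fetches)."""
    return sorted(c for c, n in per_client.items() if set(n) == {"HEAD"})

# First line is the entry from the thread; the other two are constructed.
SAMPLE = [
    'mydomainname.com otherguyshostname.com - - [12/Jun/2001:18:21:35 -0500] "HEAD / HTTP/1.0" 200 0 "-"',
    'mydomainname.com visitor.example.net - - [12/Jun/2001:18:22:01 -0500] "GET /index.html HTTP/1.0" 200 1043 "-"',
    'mydomainname.com visitor.example.net - - [12/Jun/2001:18:22:05 -0500] "FOO / HTTP/1.0" 501 0 "-"',
]

if __name__ == "__main__":
    clients, notes = summarize(SAMPLE)
    print(head_only_clients(clients), [kind for kind, _ in notes])
```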