> From: Gary [mailto:[EMAIL PROTECTED]]
> On Tue, Aug 20, 2002 at 05:17:38PM -0400 or thereabouts, Ward
> William E DLDN wrote:
> > Ok, I don't often NOT understand what I'm seeing in my
> > Apache logs, but this is one of those times: (IPs removed to
> > protect the innocent).
> >
> > adsl212-115.advancedsl.com.ar - - [15/Aug/2002:19:54:58 -0400] "GET
> > http://cpcug.org/scripts/env.cgi HTTP/1.0" 404 275 "-" "Mozilla/3.0
> > (compatible)"
> >
> > was an attempt to use my proxy to redirect an attack at
> > CPCUG.org? If so, since this is in the ACCESS log and this
>
> Yes, and no, he is trying to get to see, through you, if
> cpcug.org has an environmental cgi script, as they will
> tell him all of the environmental variables that cpcug.org
> has. It definitely is the start of something.

In that case, if it's not too late, it looks like I should drop a line
to the folks at cpcug.org to let them know that someone has been
attempting to use me to probe them. The poor guy at advancedsl.com.ar
doesn't have a clue though; he thought he was connecting to my web
proxy (because of the port) but I've got my Apache serving pages on
that port.... so he never had a chance at CPCUG.

> > [Thu Aug 15 19:54:58 2002] [error] [client 200.51.212.115]
> > File does not exist: /var/www/html/scripts/env.cgi
> >
> > was in my error log, am I safe in assuming he did NOT
> > succeed? Or should I look more closely at this?
>
> check your cgi scripts, and while you are at it, also be watchful that
> you do not have a formail cgi, as older versions had gaping holes to
> allow spammers to utilize this, even if you have otherwise shut down
> mail relay.

I keep only a single pair of (non important) scripts in there; a
"Guest Book" for my M-I-Law's web site and a site counter for the same.
I suppose theoretically the Guest Book may be exploitable, at least as
a DOS tool (it allows, IIRC, unlimited size messages, and so can be
used to fill up the partition that it resides on; I should rewrite
that, I think), but in practice I don't think anyone would get that
much kick out of DOSing me of the Internet (and I can easily remove the
DOSing file). But other than those, I'm locked up as tight as you can
be and still serve Web Pages to everyone near and far....

Bill Ward

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list