I've been a victim of this annoying /sumthin-attack, I get quite a
few requests for that dir, that's very annoying, 'cause my (not very
silent) dot-matrix printer is printing my error_log ;)
So now I wonder if I can make apache simply ignore requests for
/sumthin, so it gives no http-header, nothi
* Michael Johnson - MJ wrote:
> User foo
> RLimitNPROC 5 5
> The user 'foo' has 4 ssh sessions (or 4 of any process) active.
>
> If the 'foo' has a cgi that does not fork any additional processes, he
> can have five concurrent instances of it running as one would expect.
>
> However, if the has a
Google is our friend.
wget is a unix package for retrieving files over
HTTP. So, it's sort of like a browser.
As for looking for awstats, someone is likely
looking for vulnerabilities like this one:
http://www.securiteam.com/securitynews/5MP0B2AEKS.html
- Original Message -
F
Hi
refer to this doc
http://directory.fsf.org/wget.html
-Original Message-
From: Broming plutonium [mailto:[EMAIL PROTECTED]
Sent: Monday, May 09, 2005 10:16 AM
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] What is w;wget?
Hi,
I haven't checked my logs for a while
Hi,
I haven't checked my logs for a while, but when I did decide to check them, I found this strange request:
62.210.181.107 - - [23/Apr/2005:12:18:44 -0400] "GET //cgi-bin/awstats/awstats.pl \"w;wget\" HTTP/1.1" 404 303
This request was repeated 10 times, one time per second, changing the "/
That's the key right there. You probably need to think of multiple
approaches to securing the files (suexec, cgiwrappers, php level tweaks,
etc).
This is the one place where *nix and apache fall a hair short. What
would be nice would be the ability to assign user level settings to each
virtual
Hi all,
I apologize if someone has posted on this but I did not find it searching the
archives.
I currently manage an apache webserver 1.3.33 with a large number of
virtualhosts. As you can guess, my log files are ridden with 404's about the
missing robots.txt and favicon.ico files. One obvious s
At 07:37 PM 5/8/2005, Stuart Low wrote:
Heya,
PHP as a CGI also requires users (read, typically, morons) to add a
shebang line to their scripts.
Seems like a small, but ongoing price to pay. I guess the same question
over and over could drive you nuts after a while. But then again, it seems
like
Hi ..
I am new to Apache as well as new to Linux.
I am involved in creating a server-like software..
I am running Linux SUSE 9.3.
I need to know how to configure Apache 2 in Linux,
basically a clear step-by-step instruction on how to properly install and
configure Apache 2.
I find online material to be too vag
Heya,
PHP as a CGI also requires users (read, typically, morons) to add a
shebang line to their scripts. What we do is put in an open_basedir for
all vhosts at a bare minimum. Another favourite is the mod_suexec module
additions for mod_php (I forget the exact name).
Another countermeasure is mod
Hi,
Does no one use cgi wrap anymore? I thought that the best way to handle
this kind of thing is to run PHP as a CGI first off, and then use something
like wrap to isolate users. Yes, lesser performance, but people running on
shared servers get what they pay for, and it certainly makes sense to
Here is the explanation as you have already presented it:
All users sites are owned by httpd
There are multiple user sites, we'll say a-z.
Site a is running PHPbb with a version known to be buggy.
Someone issues a hack against site a. The hack says modify site b-z.
Apache says, why not, I own the
No, I can't. I'm not a security expert. Hopefully someone else can help you
more.
Sure looks to me like a phpBB hack though.
- Original Message -
From: "Mathew Thomas" <[EMAIL PROTECTED]>
To:
Sent: Sunday, May 08, 2005 8:23 PM
Subject: Re: [EMAIL PROTECTED] Hacked the website replace th
Hi Tim,
Could you please explain it a bit more? There is no connection between the hacked
website and the phpBB website (both are different virtual hosts). We are using PHP
version 4.3.9. Do you mean upgrade PHP?
Thanks
Mathew
>>> [EMAIL PROTECTED] 9/05/05 10:13:21 >>>
If you google admin_styles.ph
If you google admin_styles.php you'll find it's a known phpBB hack.
Update, replace, or disable the phpBB boards and change all passwords.
- Original Message -
From: "Mathew Thomas" <[EMAIL PROTECTED]>
To:
Sent: Sunday, May 08, 2005 8:00 PM
Subject: Re: [EMAIL PROTECTED] Hacked the webs
Hello Apache users,
I may have found a bug in httpd-2.1.3-beta mod_proxy_balancer.
Or more likely I just don’t have it configured properly. Here’s
the entries from httpd.conf:
ProxyRequests on
ProxyVia on
Allow from all
BalancerMember http://10.1.8
Hi Tim,
The intruder replaced only two index.htm files. There is no evidence that the
server has been hacked other than that two index.htm files have been replaced.
The phpBB website is owned by a different user and group than the site which has
been hacked.
The following is from the access.log. ( The
I just noticed that the RLimitNPROC is overly aggressive when checking
the number of processes forked off for a given user. Take the following
scenario for example:
User foo
RLimitNPROC 5 5
The user 'foo' has 4 ssh sessions (or 4 of any process) active.
If the 'foo' has a cgi that does not fork any
Ok. What evidence do you have that it was a hack? (as opposed to, say, FTP
passwords getting out somehow).
And, by any chance, do the sites that were hacked share any passwords with
accounts on any of the phpBB installations? And, with what were the index
files replaced?
- Original Message --
Hi Tim,
Thanks for the reply. Yes, a couple of virtual hosts are running phpBB. The
websites which have been hacked are not using PHP, MySQL or SSL.
Thanks
Mathew
>>> [EMAIL PROTECTED] 9/05/05 8:56:04 >>>
We'll probably need more details. You running phpBB anywhere?
- Original Message -
We'll probably need more details. You running phpBB anywhere?
- Original Message -
From: "Mathew Thomas" <[EMAIL PROTECTED]>
To:
Sent: Sunday, May 08, 2005 6:49 PM
Subject: [EMAIL PROTECTED] Hacked the website replace the index.hm page
Hi All,
We are running apache_1.3.32 with mod_ssl
Hi All,
We are running apache_1.3.32 with mod_ssl, mySQL and PHP. OS is Solaris 9.
Apache is running with
User httpd
Group http
Most of the Documentroot is owned by httpd. (There are several virtual hosts
running on this server)
its-wu-web:departments# ps -ef | grep http
httpd 18168 24970
The Web Application Security Consortium (WASC) is proud to present 'The Web
Security Mailing List'.
What is The Web Security Mailing List?
The Web Security Mailing List is an open information forum for discussing
topics relevant to
web security. Topics include, but are not limited to, industry
Hi,
when i try to start apache2 (2.0.54-2) i get the following error message:
[Sun May 08 22:04:00 2005] [info] Init: Initializing OpenSSL library
[Sun May 08 22:04:00 2005] [info] Init: Seeding PRNG with 0 bytes of entropy
[Sun May 08 22:04:00 2005] [info] Init: Generating temporary RSA privat
Hi all
I've searched http://httpd.apache.org/ but couldn't find the info I was
looking for, so I hope someone here can help me.
I want to write a module for apache 2.x, but as far as I could see the module
API is not "stable" yet. I'm guessing this will happen around the next stable
2.X release
Hi,
I have a system in which all the pages are generated on the
fly.
I want those pages not to be cached. I do want to cache
images and css files.
I have two servers, with two different configuration
directives
Server 1)
Header set Pragma "no-cache"
Header set Expires "Fri, 01 J