Bug#151711: marked as done (RFP: badurl -- Custom 403, 404's to slow CGI vulnerability scans (cgi tarpit))
Your message dated Wed, 14 Sep 2005 21:55:06 -0500 (CDT)
with message-id <20050915025506.AE68C10791B@cerdita.damog.net>
and subject line WNPP bug closed
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 2 Jul 2002 20:01:04 +0000
>From umdanie8@cc.umanitoba.ca Tue Jul 02 15:01:04 2002
Return-path: <umdanie8@cc.umanitoba.ca>
Received: from electra.cc.umanitoba.ca [130.179.16.23]
by master.debian.org with esmtp (Exim 3.12 1 (Debian))
id 17PTpg-00072C-00; Tue, 02 Jul 2002 15:01:04 -0500
Received: from mira.cc.umanitoba.ca (umdanie8@mira.cc.umanitoba.ca [130.179.16.8])
by electra.cc.umanitoba.ca (8.12.3/8.12.3) with ESMTP id g62K11oA027985
for <submit@bugs.debian.org>; Tue, 2 Jul 2002 15:01:02 -0500 (CDT)
Received: (from umdanie8@localhost)
by mira.cc.umanitoba.ca (8.12.0/8.12.0) id g62K11nw021026;
Tue, 2 Jul 2002 15:01:01 -0500 (CDT)
Date: Tue, 2 Jul 2002 15:01:01 -0500 (CDT)
From: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>
To: submit@bugs.debian.org
Subject: RFP: badurl -- Custom 403, 404's to slow CGI vulnerability scans
(cgi tarpit)
Message-ID: <Pine.GSO.4.40.0207021456580.20207-100000@mira.cc.umanitoba.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-DCC-UofM-Metrics: electra 1032; Body=1 Fuz1=1 Fuz2=1
Delivered-To: submit@bugs.debian.org
Subject: RFP: badurl -- Custom 403, 404's to slow CGI vulnerability scans (cgi tarpit)
Package: wnpp
Version: N/A; reported 2002-07-02
Severity: wishlist
* Package name : badurl
Version : 0.0.0-2000-11-08
Upstream Author : hlein@progressive-comp.com
* URL : http://www.theaimsgroup.com/~hlein/haqs/
* License : GPL
Description : Custom 403, 404's to slow CGI vulnerability scans (cgi tarpit)
(Include the long description here.)
"badurl, a proof-of-concept perl script to be installed as a custom
403, 404 handler on webservers to DoS CGI-vulnerability-scanners and
annoy script kiddies. Contains anti-self-DoS code to prevent this
being used by an attacker to DoS the webserver. Should be run under
mod_perl and Apache::Registry, but will work as a regular perl script
as well."
For those who are interested, there are other security patches available
from this author. I would like to see most of them Debian (at least as
RFP's).
Drew Daniels
---------------------------------------
Received: (at 151711-done) by bugs.debian.org; 15 Sep 2005 02:55:23 +0000
>From damog@cerdita.damog.net Wed Sep 14 19:55:23 2005
Return-path: <damog@cerdita.damog.net>
Received: from dsl-201-129-37-187.prod-infinitum.com.mx (cerdita.damog.net) [201.129.37.187]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EFjuF-0000W4-00; Wed, 14 Sep 2005 19:55:23 -0700
Received: by cerdita.damog.net (Postfix, from userid 1000)
id AE68C10791B; Wed, 14 Sep 2005 21:55:06 -0500 (CDT)
To: 151711-done@bugs.debian.org
Subject: WNPP bug closed
Message-Id: <20050915025506.AE68C10791B@cerdita.damog.net>
Date: Wed, 14 Sep 2005 21:55:06 -0500 (CDT)
From: damog@cerdita.damog.net (David Moreno Garza)
Delivered-To: 151711-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_00,VALID_BTS_CONTROL
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 128
Hello,
This is an automatic mail sent to close the RFP you have reported or
are involved with.
Your RFP wnpp bug is being closed because of the following reasons:
- It is, as of today, older than 600 days.
- It haven't had any activity recently.
- The amount of ITPs on the Debian BTS is huge and we need to
clean up a bit the place.
As this an automatic procedure, it could of course have something
wrong and probably it would be closing some bugs that are not
intended by owners and submitters (like you) to be closed, for
example if the RFP is still of your interest, or there has been
some kind of activity around it. In that case, please reopen the
bug, do it, DO IT NOW! (I don't want to be blamed because of
mass closing and not let people know that they can easily reopen
their bugs ;-).
To re-open it, you simply have to mail control@bugs.debian.org
with a body text like this:
reopen 123456
thanks bts
Replacing '123456' for the number of your RFP bug. The subject of the
mail is ignored. Or if you have any kind of problems when dealing with
the BTS, feel free to contact me and I'd be more than happy to help
you on this: <damog@debian.org>.
This is the first mass wnpp closing that will be done. The next close
will be done on inactive RFPs older than 450 days and finally, the
ones older than 365 days (an automatic script will close *inactive*
RFPs when they reach one year old).
A similar process is being applied to the ITP wnpp bugs in these
days.
Thanks for your cooperation,
-- David Moreno Garza <damog@debian.org> Wed, 14 Sep 2005 21:54:42 -0500
Reply to: