RE: apache security question

From: Yonatan Bokovza (Yonatan@xpert.com)
Date: 06/14/01


From: Yonatan Bokovza <Yonatan@xpert.com>
To: "'freebsd-security@freebsd.org'" <freebsd-security@freebsd.org>
Date: Thu, 14 Jun 2001 21:34:09 +0300

and if you'r totaly paranoid and this is
the only instance you saw "HEAD /" in the logs,
you might consider filtering this IP in your firewall.
You do have a firewall, right?

> -----Original Message-----
> From: default013 - subscriptions
> [mailto:default013subscriptions@hotmail.com]
> Sent: Thursday, June 14, 2001 16:21
> To: freebsd-security@FreeBSD.ORG
> Cc: Neil Fryer
> Subject: Re: apache security question
>
>
> Neil,
>
> Thanks all, :)
>
> I attempted this in telnet and got a 'method not supported'
> message. ... I'm
> just being extra careful lately because I know that this guy
> is tryin to do
> things to my box... whatever this was, it didnt work so... thanks
>
> ----- Original Message -----
> From: "Neil Fryer" <neilf@mip.co.za>
> To: "default013 - subscriptions"
> <default013subscriptions@hotmail.com>;
> "default013 - subscriptions" <default013subscriptions@hotmail.com>;
> <freebsd-security@FreeBSD.ORG>
> Sent: Thursday, June 14, 2001 8:09 AM
> Subject: Re: apache security question
>
>
> > 'ello
> >
> > Ok, afaik, this command could quite easily be run by
> telnetting into port
> 80 on
> > your webserver, as you'll have this open anyway on your fw
> to allow web
> > traffic, as for your other question, sorry can't help.
> >
> > Cheers
> > Neil Fryer
> > neilf@mip.co.za
> >
> >
> >
> > On Thu, 14 Jun 2001, default013 - subscriptions wrote:
> > > Hello, I've been advised that someone is attempting to
> break into my
> box,
> > > and I know that this person is knowledgeable so I've been
> watching for
> > > unusual activity...
> > >
> > > I noticed this entry in one of my apache logfiles
> yesterday, and was
> > > wondering if anyone could explain to me what this is:
> > >
> > > mydomainname.com otherguyshostname.com - -
> [12/Jun/2001:18:21:35 -0500]
> > > "HEAD / HTTP/1.0" 200 0 "-"
> > >
> > > It appears to me like they somehow executed the 'head'
> command... how
> would
> > > one do this, and how could you stop it?
> > >
> > > Thanks, Jordan
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> > --
> > "Against stupidity, even the Gods struggle in vain."
> > - Friedrich von Schiller
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message