[plug] Beware hackers

John Summerfield summer at os2.ami.com.au
Sun Jul 5 10:44:33 WST 1998


This has just come to my attention:
access_log.1:aurora.bridges.edu - - [30/Jun/1998:10:33:06 +0800] "GET
/cgi-bin/phf" 404 -
access_log.1:aurora.bridges.edu - - [30/Jun/1998:10:33:07 +0800] "GET
/cgi-bin/test-cgi" 404 -
access_log.1:aurora.bridges.edu - - [30/Jun/1998:10:33:09 +0800] "GET
/cgi-bin/handler" 404 -

I gather that there was an exploit involving phf in earlier apaches.
test-cgi reveals some informaiton about the server software. hander I
don't know.

I interpret these accesses (the only accesses from this remote machine in
about three weeks) as an attempt to collate info about my machine
preparatory to an attempt to crack it.

I'm about to create a script to run in place of these to prepare me a
report I can use to complain to some responsible person at the offending
domain.

Cheers
John Summerfield
http://os2.ami.com.au/os2/ for OS/2 support.
Configuration, networking, combined IBM ftpsites index.



More information about the plug mailing list