[plug] Beware hackers

Leon Brooks leonb at ami.com.au
Sun Jul 5 10:56:26 WST 1998

John Summerfield wrote:
> This has just come to my attention:
> access_log.1:aurora.bridges.edu - - [30/Jun/1998:10:33:06 +0800] "GET
> /cgi-bin/phf" 404 -
> access_log.1:aurora.bridges.edu - - [30/Jun/1998:10:33:07 +0800] "GET
> /cgi-bin/test-cgi" 404 -
> access_log.1:aurora.bridges.edu - - [30/Jun/1998:10:33:09 +0800] "GET
> /cgi-bin/handler" 404 -

> I gather that there was an exploit involving phf in earlier apaches.
> test-cgi reveals some informaiton about the server software. hander I
> don't know.

Probably from another web-server package or apache module. It certainly
looks Apache-specific. Have you turned around and explored aurora yet?

> I interpret these accesses (the only accesses from this remote machine in
> about three weeks) as an attempt to collate info about my machine
> preparatory to an attempt to crack it.

> I'm about to create a script to run in place of these to prepare me a
> report I can use to complain to some responsible person at the offending
> domain.

Ummm, three HTTP requests don't normally represent a "complaint" per se,
but you could _ask_ postmaster at aurora.bridges.edu or hostmaster@ or
webmaster@ or root@ some similar administrative address about the
access. If no joy, just chop "aurora." out of the address and try again.

More information about the plug mailing list