[lug] What do you do about hackers (in the current sense of uninvited obnoxious intruders)
Paul Bille
Paul at ebille.cudenver.edu
Fri Apr 12 18:03:36 MDT 2002
Is there anything that can or shoud be done about folks trying to access
/etc/passwd?
How would you interpret httpd/access.log entries like this? I think it's
someone abusing my hospitality. What do you thing?
[Fri Apr 12 13:29:12 2002] [error] [client 217.82.33.200] Invalid URI in
request GET /../../../../../../../../../../../etc/passwd HTTP/1.0
[Fri Apr 12 13:29:12 2002] [error] [client 217.82.33.200] File does not
exist: /var/www/html/iisadmpwd/
[Fri Apr 12 13:29:12 2002] [error] [client 217.82.33.200] script not found
or unable to stat: /var/www/cgi-bin/auktion.pl
Name: pD95221C8.dip.t-dialin.net
Address: 217.82.33.200
217.82.33.200 - - [12/Apr/2002:13:28:10 -0600] "GET / HTTP/1.0" 200 5714
217.82.33.200 - - [12/Apr/2002:13:28:10 -0600] "GET
HTTP://www.microsoft.com/ HTTP/1.0" 200 5714
217.82.33.200 - - [12/Apr/2002:13:28:40 -0600] "" 501 -
217.82.33.200 - - [12/Apr/2002:13:28:40 -0600] "" 501 -
217.82.33.200 - - [12/Apr/2002:13:28:40 -0600] "" 501 -
217.82.33.200 - - [12/Apr/2002:13:28:40 -0600] "" 501 -
217.82.33.200 - - [12/Apr/2002:13:28:41 -0600] "GET / HTTP/1.0" 200 5714
217.82.33.200 - - [12/Apr/2002:13:29:12 -0600] "GET
/../../../../../../../../../../../etc/passwd HTTP/1.0" 400 375
217.82.33.200 - - [12/Apr/2002:13:29:13 -0600] "GET
/../../../../../../../../../../../etc/passwd HTTP/1.0" 400 375
217.82.33.200 - - [12/Apr/2002:13:29:18 -0600] "GET /../../../boot.ini
HTTP/1.0" 400 349
217.82.33.200 - - [12/Apr/2002:13:29:19 -0600] "GET /../../../boot.ini
HTTP/1.0" 400 349
Thanks,
Paul
http://bille.cudenver.edu/author/
More information about the LUG
mailing list