I just want leave a note to all people running web servers on thier debian machines. Check your cgi-bin dir for the following files:
test-cgi nph-test-cgi phf php.cgi? I have looked up information on these cgi's and they are old software code that people can use to grap passwd files and such. Someone tried to attack me the other day using these: sl29.burgoyne.com - - [20/Apr/1997:12:46:00 -0400] "GET /cgi-bin/test-cgi?*" 404- sl29.burgoyne.com - - [20/Apr/1997:12:46:01 -0400] "GET /cgi-bin/nph-test-cgi?*" 404 - sl29.burgoyne.com - - [20/Apr/1997:12:46:03 -0400] "GET /cgi-bin/phf?Qname=j-shaman.phf.scanner%0Aid%0Awhoami%0A" 404 - sl29.burgoyne.com - - [20/Apr/1997:12:46:04 -0400] "GET /cgi-bin/phf?Qname= j-shaman.phf.scanner%0Acat%20/etc/passwd%0Aypcat%20passwd%0A" 404 - sl29.burgoyne.com - - [20/Apr/1997:12:46:05 -0400] "GET /cgi-bin/php.cgi?/etc/passwd" 404 - Luckily I have been good on staying on top of my software, so the hacker received "404 not found" I suggest everyone check for these files and check your http logs if you have older versions of web servers. Dennis ==================================================================== + dpk <[EMAIL PROTECTED]> + work : 517.353.8892 + + Systems Undergrad + pager: 517.222.5875 + + Division of Engineering Computing Services + Quote me + ==================================================================== -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
