[5108] in WWW Security List Archive
What's this ?
daemon@ATHENA.MIT.EDU (Chung-Rui Kao)
Wed Apr 16 14:02:34 1997
Date: Wed, 16 Apr 1997 18:55:18 +0800
From: Chung-Rui Kao <kaoc@hep3.phys.sinica.edu.tw>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Dear Sir:
What does it mean ? if you find such messages in your access_log..
ps. my httpd is the NCSA version.
ip014.dialup.ntu.edu.tw - - [30/Jan/1997:18:50:58 +0800] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 644
ip010.dialup.ntu.edu.tw - - [01/Feb/1997:10:57:35 +0800] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 677
ogg081-025.resnet.wisc.edu - - [22/Feb/1997:01:21:32 +0800] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 681
192.192.98.116 - - [27/Mar/1997:19:17:43 +0800] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 759
Besides, I hope to know how can I prove whether there is someone who
tried to hack or had hacked my WWWW server?? My old httpd was the NCSA
HTTPd 1.3. As the document in the NCSA's offical site, it said there's
control codes in the access then there's someone attend to hack your server.
There's no any control code in my access_log file, but I doubt someone
hacked my server through the httpd daemon, and I hope someone can help me
to prove that.
Thank you.
4/16'97