[715] in Intrusion Detection Systems
Re: rootkit and other bits'n'pieces.
daemon@ATHENA.MIT.EDU (Jan Koum)
Sun Jul 14 15:32:36 1996
Date: Tue, 9 Jul 1996 02:35:50 -0700 (PDT)
From: Jan Koum <jkoum@leland.Stanford.EDU>
In-Reply-To: <Pine.SGI.3.91.960705161527.23332A-100000@umbc7.umbc.edu>
Reply-To: ids@uow.edu.au
Apparently-To: <ids-redist@mit.edu>
[ Quoted Mail Deleted ]
The new apache httpd come with no cgi-bin files at all (which is
good), here is a line from my .cshrc:"tail /www/logs/*/*log|grep phf", the
most common (95%) I see is:
http://www.somewhere.somesystem/cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd
The question I have is how safe is it to have scripts which would only
send output to the browser, aka finger, date, uptime, uname. Those are
just 3-5 line's scripts, but I just want to make sure they dont present
any danger. Also, what about a counter? Is it better to have on written in
a certain language? Thanks.
-- yan
