Linux-Bulgaria.ORG

навигация

начало

пощенски списък

архив на групата

По Дата

RE: lug-bg: httpd secirity

Subject: RE: lug-bg: httpd secirity
From: bivol@email.domain.hidden (Peter An. Zyumbilev)
Date: Mon, 9 Jun 2003 23:52:01 +0300


Abe  na toia deto ti pravi tia nomera sto ne npravish s mod_rewrite da
polucha:
"302 Moved http://his.ip/requested_file";....
Toku vij si haknal sobsvtenoto pc - > sled dalgi krakove da si "hakne"
sobstvenata parola...
Drug variant za gavra e ako toie na trafik(shotm si v lan) i go rediretknesh
kam http://free.server.bg/niakoi_goliam_file
Pozdravi,
BIVOL

<p>Peter Zyumbilev

Web Developer & Administrator
BIVOL BULGARIA
email: bivol_at_bivol.net <mailto:bivol_at_bivol.net>
web: http://www.bivol.net <http://www.bivol.net>
tel.: +359 88 966940

<p><em class="quotelev1">> -----Original Message-----
<em class="quotelev1">> From: owner-lug-bg_at_linux-bulgaria.org
<em class="quotelev1">> [mailto:owner-lug-bg_at_linux-bulgaria.org]On Behalf Of LazCorp
<em class="quotelev1">> Sent: Monday, June 09, 2003 8:50 PM
<em class="quotelev1">> To: lug-bg_at_linux-bulgaria.org
<em class="quotelev1">> Subject: Re: lug-bg: httpd secirity
<em class="quotelev1">>
<em class="quotelev1">>
<em class="quotelev1">> öèòèðàì  Stefan Gurdev <steve_lug_at_abv.bg>:
<em class="quotelev1">>
<em class="quotelev2">> > Vurzan sum kum City Lan mreja. Prez nqkolko dni edin ot hostovete v
<em class="quotelev2">> > mrejata neshto si igrae s men. Eto log faila na apache-to:
<em class="quotelev2">> >
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET ///quote.html
<em class="quotelev1">> HTTP/1.0"
<em class="quotelev2">> > 404 272 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
<em class="quotelev2">> > /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%
<em class="quotelev1">> 00
<em class="quotelev2">> > HTTP/1.0" 404 279 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "HEAD /cgi-bin/dcboard.cgi
<em class="quotelev2">> > HTTP/1.0" 404 0 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
<em class="quotelev2">> > /cgi-bin/nph-maillist.pl HTTP/1.0" 404 283 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
<em class="quotelev2">> > /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%
<em class="quotelev1">> 00&action=view&matchview=1
<em class="quotelev2">> > HTTP/1.0" 404 280 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "GET
<em class="quotelev2">> > /cgi-bin/ustorekeeper.pl?
<em class="quotelev1">> command=goto&file=../../../../../../../../../../etc/passwd
<em class="quotelev2">> > HTTP/1.0" 404 283 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:24 +0300] "HEAD /cgi-bin/ikonboard/
<em class="quotelev2">> > HTTP/1.0" 404 0 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /foldoc/ HTTP/1.0"
<em class="quotelev1">> 404
<em class="quotelev2">> > 0 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /cgi-bin/adcycle/
<em class="quotelev2">> > HTTP/1.0" 404 0 "-" "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "GET
<em class="quotelev2">> > /cgi-bin/store.cgi?StartID=../etc/passwd%00.html HTTP/1.0" 404 277 "-"
<em class="quotelev2">> > "-"
<em class="quotelev2">> > 192.168.1.3 - - [08/Jun/2003:23:06:25 +0300] "HEAD /cgi-
<em class="quotelev1">> bin/bbs_forum.cgi
<em class="quotelev2">> > HTTP/1.0" 404 0 "-" "-"
<em class="quotelev2">> >
<em class="quotelev2">> >
<em class="quotelev2">> > Predpolagam hosta 192.168.1.3 e zarazen s nqkakuv virus, no vse pak
<em class="quotelev1">> nqkoi
<em class="quotelev2">> > imal li e podoen problem s tova neshto. Vuzmojno li e tova da e exploit
<em class="quotelev2">> > ili neshto ot tozi sort!!!
<em class="quotelev2">> >
<em class="quotelev2">> > Blagodarq predvaritelno!!!
<em class="quotelev2">> >
<em class="quotelev2">> > P.S: Znam che nivoto v tozi mail group e mnogo visoko. Tozi posting moje
<em class="quotelev2">> > bi ne e za tuk, pisah v nqkoi forumi no taka i ne poluchih kompetenten
<em class="quotelev2">> > otgovor!
<em class="quotelev2">> >
<em class="quotelev2">> > S uvajenie, Stefan!
<em class="quotelev2">> >
<em class="quotelev1">>
<em class="quotelev1">> /cgi-bin/cal_make.pl?p0=../../../../../../../../../../../../etc/passwd%00
<em class="quotelev1">> /cgi-bin/talkback.cgi?article=../../../../../../../../etc/passwd%
<em class="quotelev1">> 00&action=view&matchview=1
<em class="quotelev1">> /cgi-bin/ustorekeeper.pl?
<em class="quotelev1">> command=goto&file=../../../../../../../../../../etc/passwd
<em class="quotelev1">>
<em class="quotelev1">> Potrebitelq ot tozi host se opitwa da hakne Apache-to ti
<em class="quotelev1">> Nqma kakwo da se symnqwash w towa!!!
<em class="quotelev1">> Prawi opiti s s powecheto izwestni bygowe na Apache.
<em class="quotelev1">> ../../../../../../../../../../../../ -  s towa se podsiurqwa che shte
<em class="quotelev1">> otide w glawnata papka /
<em class="quotelev1">> posle utiwa e /etc/passwd i se opitwa da iwede parolite ti
<em class="quotelev1">> chesno kazano towa e edin ot nai naludnichawite nachini za hakwane...za
<em class="quotelev1">> da ti dekriptira pass (oswen ako ti ne si slojil nqkoq smeshna parola)
<em class="quotelev1">> ili da izpolzwa baza danni ot kriptirani pasowe i da srywnqwa..mislq che
<em class="quotelev1">> wseki znae za tezi programki :)
<em class="quotelev1">> mislq che ako si slagash dobri stabilni pasowe na  mashinata nqma da
<em class="quotelev1">> imash nikakwi problemi nito da se pritesnqwash ot podobni nachinaniq.
<em class="quotelev1">> i wse pak mojesh da adnesh edno prawilo wyw firewall-a si da dropish
<em class="quotelev1">> zaqwkite ot tozi kompiutar :)))))
<em class="quotelev1">> Èãðàé è ñïå÷åëè ñ Àâòîìîáèëåí Ñàëîí Ñîôèÿ 2003 - http://auto.dir.bg
<em class="quotelev1">> -------------------------------------------------------------------
<em class="quotelev1">> Íàïðàâè ñè àäðåñ â mail.bG - http://mail.bg/new/
<em class="quotelev1">>
<em class="quotelev1">> ==================================================================
<em class="quotelev1">> ==========
<em class="quotelev1">> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
<em class="quotelev1">> http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. -
<em class="quotelev1">> Stara Zagora
<em class="quotelev1">> To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
<em class="quotelev1">> ==================================================================
<em class="quotelev1">> ==========
<em class="quotelev1">>

============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================

Относно:
- Re: lug-bg: httpd secirity
  - Изпратено от: lazcorp@email.domain.hidden (LazCorp)

Предишно по дата: RE: lug-bg: Seminar 2003 -WEB
Следващо по дата: Re: Re: lug-bg: httpd secirity
Предишно по тема: Re: lug-bg: httpd secirity
Следващо по тема: Re: lug-bg: httpd secirity
Индекс:
- По дата
- По тема

наши приятели

линукс за българи
http://linux-bg.org

FSA-BG
http://fsa-bg.org

OpenFest
http://openfest.org

FreeBSD BG
http://bg-freebsd.org

KDE-BG
http://kde.fsa-bg.org/

Gnome-BG
http://gnome.cult.bg/

проект OpenFMI
http://openfmi.net

NetField Forum
http://netField.ludost.net/forum/

Linux-Bulgaria.ORG