httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dgau...@hotwired.com (Dean Gaudet)
Subject Re: Security probe
Date Wed, 17 Jul 1996 04:01:58 GMT
In article <hot.mailing-lists.new-httpd-199607161503.KAA20381@sierra.zyzzyva.com>,
Randy Terbush  <new-httpd@hyperreal.com> wrote:
>vh_behlen.com/access_log-behlen.com:sentry.wood.com - - [14/Jul/1996:22:43:17 -0500] "GET
/cgi-bin/phf?Qalias=foo%0aid" 404 419

I've been monitoring for accesses to phf for the past 2 or 3 months.
Up until last week we'd see one a week, now we're up to 3 or 4 per day.
wood.com is amongst them.  I'm actually going to just start sending the
stuff to CERT (note I'm logging the real ip to avoid reverse dns spoofing)
and hope the CERT blackhole does the right thing.  I can deal with
occasional cage rattles, but this is ridiculous.

Previously I'd send a note to the tech contact from whois for the net.
But that's getting tedious.

I know it's a touchy subject to talk about publically, but I'd be
interested in talking with people privately about what security auditing
you do on your server logs.

Dean

Mime
View raw message