httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Passaniti" <jp...@rochester.rr.com>
Subject RE: More help with apache and CGI-Perl
Date Mon, 01 Jul 2002 16:40:13 GMT
> Why give *anything* away?  (Unless you have a reason.)

Good question.  So Why does Apache announce it's own platform in a bad
request response and likely other responses.  Someone's trying to kick
up the graphs at www.netcraft.com again.

> You might have a Unixish box that will handle a
> request for '/cgi-bin/foo.exe' just for the fun 
> of sitting back and watching people trying to 
> break into your 'Windows' system.

Actually, that's not necessary.  In my experience, the script kiddies
looking for vulnerabilities simply point their scripts at a block of IP
addresses and let them rip.  I see this in the server logs for the three
servers I manage-- the Linux server has tons of attempts to do all the
standard attacks against Windows systems (and vice versa).  Which means
that the script kiddies aren't even bothering to first check the
platform a system runs on.  They simply spew forth every known attack,
and hope they find something.




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message