httpd-users mailing list archives

From "Lee Grey" <leeg...@mindspring.com>
Subject RE: [users@httpd] Re: access log -- GET /scripts/..%%35%63../winnt/system32
Date Sun, 20 Oct 2002 18:31:48 GMT
On the other hand, given the fact that so many users have dynamic IP
addresses, you are really blocking a number that can't be guaranteed to
match the machine it came from at that moment.  The next day or two weeks
later, you are probably still vulnerable to the same "attack" from the same
infected machine, while having blocked access to your site by whatever
innocent machine currently has that IP address.

Just a thought.

Best wishes,
Lee Grey
Grey Matter
http://www.URLinOne.com

-----Original Message-----
From: Jeff Beard [mailto:jeff@cyberxape.com]
Sent: Sunday, October 20, 2002 2:24 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Re: access log -- GET
/scripts/..%%35%63../winnt/system32




PeterKorman wrote:
[...]

> So my question is this: Is this sledgehammer I'm using likely to hurt me?

No, but neither is the worm.

--Jeff

--
Jeff Beard | Systems Architecture, Programming, Management
Contact    | jeff at cyberxape dot com, 303.443.9339
Location   | In front of the computer, Boulder, CO, USA


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

