httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "KAN NAN" <kannan_...@hotmail.com>
Subject Re: [users@httpd] What is a stable/latest version of Apache?
Date Wed, 24 Sep 2003 15:46:48 GMT
<html><div style='background-color:'><DIV>
<P>I agree with your suggestions Mr. Ben Ricker.<BR>We are using Apache as just
as a Http server, there is no cgi or perl scripts running. Major work is done by JServ. Moreover
upgrading to Apache 2.0.47 seems to be a major work for now. The main reason why we are upgrading
is that, we have identified certain vulnerabilities like Chunked encoding,.... in apache 1.3.14
which are fixed in 1.3.28.<BR><BR>Can you please tell me why this request : <A
href="http://server/cgi-bin/com5.pl">http://server/cgi-bin/com5.pl</A> or com5.java,
gives me a Internal server error. Is there any way to block this kind of request. Moreover,
I analysed my log files, there were lot of rubbish request made, it seems that some tried
to scan my web system to identify the vulnerabilities. This scanning process actually crashed
my system. This was the major reason for upgrading to 1.3.28.</P>
<P>Some of the rubbish request found in apache log files are:</P><FONT size=2></DIV>
<P>193.128.100.73 - - [19/Sep/2003:14:35:03 +0100] "GET /cgi-bin/com5.java HTTP/1.0"
500 530</P>
<DIV></DIV>
<P>193.128.100.73 - - [19/Sep/2003:14:35:04 +0100] "GET /cgi-bin/com5.pl HTTP/1.0" 500
530</P></FONT><FONT size=2>
<DIV></DIV>
<P>193.128.100.73 - - [19/Sep/2003:15:43:29 +0100] "GET /psbooks/ HTTP/1.0" 404 202</P>
<DIV></DIV>
<P>193.128.100.73 - - [19/Sep/2003:15:43:29 +0100] "GET /cgi-bin/psdoccgi.exe?key=test&amp;summary=5&amp;targetframe=_top&amp;sort=BKTITLE+asc+SCORE+desc+vdkvgwkey+asc&amp;max=50&amp;bkhead=1&amp;seqdocnbr=1&amp;clicks=1&amp;allcoll=psbooks%231%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24%2C25%2C26%2C27%2C28%2C29%2C30%2C31%2C32%2C33%2C34%2C35%2C36%2C37%2C38%2C39%2C40%2C41%2C42%2C43%2C44%2C45%2C46%2C47%2C48%2C49%2C50%2C51%2C52%2C53%2C54%2C55%2C56%2C57%2C58%2C59%2C60%2C61%2C62%2C63%2C64%2C65%2C66%2C67%2C68%2C69%2C70%2C71%2C72%2C73%2C74%2C75%2C76%2C77%2C78%2C79%2C80%2C81%2C82%2C83%2C84%2C85%2C86%2C87%2C88%2C89%2C90%2C91%2C92%2C93&amp;isall=all&amp;collection=0&amp;lang=eng&amp;headername=../../../../../boot.ini&amp;footername=../../../../../boot.ini&amp;targetframe=_top
HTTP/1.0" 404 214</P>
<DIV></DIV>
<P>Is there other way to secure my web server or block such scanning attempts.....<BR>thanks
in advance,<BR>-kannan</FONT><BR></P>
<DIV></DIV>
<P><BR><BR>&nbsp;</P>
<DIV></DIV>
<P><BR><BR>&nbsp;</P>
<DIV></DIV>
<DIV></DIV>
<DIV></DIV>&gt;From: Ben Ricker <BRICKER@WELLINX.COM>
<DIV></DIV>
<DIV></DIV>&gt;Reply-To: bricker@wellinx.com 
<DIV></DIV>
<DIV></DIV>&gt;To: users@httpd.apache.org 
<DIV></DIV>
<DIV></DIV>&gt;Subject: Re: [users@httpd] What is a stable/latest version
of Apache? 
<DIV></DIV>
<DIV></DIV>&gt;Date: Wed, 24 Sep 2003 09:31:49 -0500 
<DIV></DIV>
<DIV></DIV>&gt; 
<DIV></DIV>
<DIV></DIV>&gt;Since you are using Jserv, you will not be able to upgrade
to Apache 
<DIV></DIV>
<DIV></DIV>&gt;2.0.x. You will have to stick to the 1.3.x branch. 
<DIV></DIV>
<DIV></DIV>&gt; 
<DIV></DIV>
<DIV></DIV>&gt;Ben Ricker 
<DIV></DIV>
<DIV></DIV>&gt;Wellinx, inc. 
<DIV></DIV>
<DIV></DIV>&gt; 
<DIV></DIV>
<DIV></DIV>&gt;On Wed, 2003-09-24 at 09:06, KAN NAN wrote: 
<DIV></DIV>
<DIV></DIV>&gt; &gt; Can any one reply me plz..... 
<DIV></DIV>
<DIV></DIV>&gt; &gt; 
<DIV></DIV>
<DIV></DIV>&gt; &gt; 
<DIV></DIV>
<DIV></DIV>&gt; &gt; Hi All, 
<DIV></DIV>
<DIV></DIV>&gt; &gt; 
<DIV></DIV>
<DIV></DIV>&gt; &gt; My application currently runs on Apache/1.3.14 (Win32)
&amp; 
<DIV></DIV>
<DIV></DIV>&gt; &gt; ApacheJServ/1.1.2. 
<DIV></DIV>
<DIV></DIV>&gt; &gt; I am planning to go for upgrading my Apache server.

<DIV></DIV>
<DIV></DIV>&gt; &gt; Can any one please tell me which higher version should
I go for. 
<DIV></DIV>
<DIV></DIV>&gt; &gt; Should I go for Apache 1.3.28 or Apache 2.0.47? Iam
quite confused, 
<DIV></DIV>
<DIV></DIV>&gt; &gt; Will there be a major changes in the application?

<DIV></DIV>
<DIV></DIV>&gt; &gt; 
<DIV></DIV>
<DIV></DIV>&gt; &gt; thanks in advance, 
<DIV></DIV>
<DIV></DIV>&gt; &gt; -kannan 
<DIV></DIV>
<DIV></DIV>&gt; &gt; 
<DIV></DIV>
<DIV></DIV>&gt; &gt; ______________________________________________________________________

<DIV></DIV>
<DIV></DIV>&gt; &gt; Access Hotmail from your mobile now. Click here.

<DIV></DIV>
<DIV></DIV>&gt; &gt; 
<DIV></DIV>
<DIV></DIV>&gt; &gt; ______________________________________________________________________

<DIV></DIV>
<DIV></DIV>&gt; &gt; From: KAN NAN <KANNAN_MCA@HOTMAIL.COM>
<DIV></DIV>
<DIV></DIV>&gt; &gt; To: users@httpd.apache.org 
<DIV></DIV>
<DIV></DIV>&gt; &gt; Subject: [users@httpd] What is a stable/latest version
of Apache? 
<DIV></DIV>
<DIV></DIV>&gt; &gt; Date: Wed, 24 Sep 2003 12:30:24 +0000 
<DIV></DIV>
<DIV></DIV>&gt; &gt; 
<DIV></DIV>
<DIV></DIV>&gt; &gt; Hi All, 
<DIV></DIV>
<DIV></DIV>&gt; &gt; 
<DIV></DIV>
<DIV></DIV>&gt; &gt; My application currently runs on Apache/1.3.14 (Win32)
&amp; 
<DIV></DIV>
<DIV></DIV>&gt; &gt; ApacheJServ/1.1.2. 
<DIV></DIV>
<DIV></DIV>&gt; &gt; I am planning to go for upgrading my Apache server.

<DIV></DIV>
<DIV></DIV>&gt; &gt; Can any one please tell me which higher version should
I go for. 
<DIV></DIV>
<DIV></DIV>&gt; &gt; Should I go for Apache 1.3.28 or Apache 2.0.47? Iam
quite confused, 
<DIV></DIV>
<DIV></DIV>&gt; &gt; Will there be a major changes in the application?

<DIV></DIV>
<DIV></DIV>&gt; &gt; 
<DIV></DIV>
<DIV></DIV>&gt; &gt; thanks in advance, 
<DIV></DIV>
<DIV></DIV>&gt; &gt; -kannan 
<DIV></DIV>
<DIV></DIV>&gt; &gt; 
<DIV></DIV>
<DIV></DIV>&gt; &gt; ______________________________________________________________________

<DIV></DIV>
<DIV></DIV>&gt; &gt; Access Hotmail from your mobile now. Click here.

<DIV></DIV>
<DIV></DIV>&gt; &gt; ---------------------------------------------------------------------

<DIV></DIV>
<DIV></DIV>&gt; &gt; The official User-To-User support forum of the Apache
HTTP Server 
<DIV></DIV>
<DIV></DIV>&gt; &gt; Project. See for more info. To unsubscribe, e-mail:

<DIV></DIV>
<DIV></DIV>&gt; &gt; users-unsubscribe@httpd.apache.org " from the digest:

<DIV></DIV>
<DIV></DIV>&gt; &gt; users-digest-unsubscribe@httpd.apache.org For additional
commands, 
<DIV></DIV>
<DIV></DIV>&gt; &gt; e-mail: users-help@httpd.apache.org 
<DIV></DIV>
<DIV></DIV>&gt; &gt; 
<DIV></DIV>
<DIV></DIV>&gt; &gt; ______________________________________________________________________

<DIV></DIV>
<DIV></DIV>&gt; &gt; ---------------------------------------------------------------------

<DIV></DIV>
<DIV></DIV>&gt; &gt; The official User-To-User support forum of the Apache
HTTP Server Project. 
<DIV></DIV>
<DIV></DIV>&gt; &gt; See <?XML:NAMESPACE PREFIX = URL /><URL:http:
userslist.html httpd.apache.org>for more info. 
<DIV></DIV>
<DIV></DIV>&gt; &gt; To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org

<DIV></DIV>
<DIV></DIV>&gt; &gt; " from the digest: users-digest-unsubscribe@httpd.apache.org

<DIV></DIV>
<DIV></DIV>&gt; &gt; For additional commands, e-mail: users-help@httpd.apache.org

<DIV></DIV>
<DIV></DIV>&gt; 
<DIV></DIV>
<DIV></DIV>&gt; 
<DIV></DIV>
<DIV></DIV>&gt;---------------------------------------------------------------------

<DIV></DIV>
<DIV></DIV>&gt;The official User-To-User support forum of the Apache HTTP
Server Project. 
<DIV></DIV>
<DIV></DIV>&gt;See <URL:http: userslist.html httpd.apache.org>for more
info. 
<DIV></DIV>
<DIV></DIV>&gt;To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org

<DIV></DIV>
<DIV></DIV>&gt; " from the digest: users-digest-unsubscribe@httpd.apache.org

<DIV></DIV>
<DIV></DIV>&gt;For additional commands, e-mail: users-help@httpd.apache.org

<DIV></DIV>
<DIV></DIV>&gt; 
<DIV></DIV>
<DIV></DIV></URL:http:></URL:http:>
<DIV></DIV></div><br clear=all><hr>Talk to Karthikeyan. Watch
his stunning feats. <a href="http://g.msn.com/8HMBENIN/2731??PS=">Download images.</a>
</html>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message