httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tim Burden" <...@burden.ca>
Subject Re: [users@httpd] security threat?
Date Fri, 21 Jan 2005 14:22:29 GMT
That's not necessarily successful. grep your access logs for that username
and you'll likely see all entries have 401 in them. Or it's possible that
there wasn't even an attempt on a protected directory, but that the guy sent
a request in this form:
http://thorm}x9e6@www.domain.com/somedir/


----- Original Message ----- 
From: "Andy J.M." <apache2@yourimedia.com>
To: <users@httpd.apache.org>
Sent: Friday, January 21, 2005 9:17 AM
Subject: [users@httpd] security threat?


I found what looks like a successful unauthorized access to a forbidden
directory. In my Webalizer log there is a "Usernames" entry that states "2"
visits and five hits from username: thorm}x9e6

Google gives very little on this entry. Any ideas what it is, what is it
exploiting, and more importantly how to prevent the hack?

Also, what is the escaped hex?

-Andy





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message