You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Mike <ma...@rmci.net> on 2002/12/17 08:32:45 UTC

RE: [users@httpd] Hacker? -Thanks Karkoma!!

This opened up a lot new things for me using the SetEnvIf Request. Your
post is working great!!!

M;)

-----Original Message-----
From: karkoma [mailto:karkoma@karkomaonline.com] 
Sent: Wednesday, December 04, 2002 7:22 PM
To: users@httpd.apache.org; Gary Turner
Subject: Re: [users@httpd] Hacker?


This is what I have in my conf file to avoid this kind of kiddies...

....
  SetEnvIf Request_URI MSADC imbecil
  SetEnvIf Request_URI scripts imbecil
  SetEnvIf Request_URI default.ida imbecil
  SetEnvIf Request_URI \.exe$ imbecil
  SetEnvIf Request_URI \.dll$ imbecil
  SetEnvIf Request_URI msadc imbecil
  SetEnvIf Request_URI cgi-bin msadc imbecil
  CustomLog /var/log/httpd/imbecil.log common env=imbecil
....

  ErrorLog /var/log/httpd/error.log
  CustomLog /var/log/httpd/access.log common env=!imbecil
....

Read the manual to try to understand this...



On Wednesday 04 December 2002 09:58 am, Gary Turner wrote:
> H. Carter Harris wrote:
> >I have a test apache system where I am trying to learn how to use it.

> >I  got the access_log file working and I noticed the following 
> >entries in  the log:
> >
> >66.137.7.57 - - [02/Dec/2002:19:49:26 -0500] "GET 
> >/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 -
>
> <snip>
>
> >This installation is on a Mandrake Linux box, not NT.  Is someone 
> >trying  to hack into the system?
>
> Yeah, script-kiddies and their bots.  A PITA.
>
> BTW, your clock is off by 12 hours or so>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org