You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Mike <ma...@rmci.net> on 2002/12/17 08:32:45 UTC
RE: [users@httpd] Hacker? -Thanks Karkoma!!
This opened up a lot new things for me using the SetEnvIf Request. Your
post is working great!!!
M;)
-----Original Message-----
From: karkoma [mailto:karkoma@karkomaonline.com]
Sent: Wednesday, December 04, 2002 7:22 PM
To: users@httpd.apache.org; Gary Turner
Subject: Re: [users@httpd] Hacker?
This is what I have in my conf file to avoid this kind of kiddies...
....
SetEnvIf Request_URI MSADC imbecil
SetEnvIf Request_URI scripts imbecil
SetEnvIf Request_URI default.ida imbecil
SetEnvIf Request_URI \.exe$ imbecil
SetEnvIf Request_URI \.dll$ imbecil
SetEnvIf Request_URI msadc imbecil
SetEnvIf Request_URI cgi-bin msadc imbecil
CustomLog /var/log/httpd/imbecil.log common env=imbecil
....
ErrorLog /var/log/httpd/error.log
CustomLog /var/log/httpd/access.log common env=!imbecil
....
Read the manual to try to understand this...
On Wednesday 04 December 2002 09:58 am, Gary Turner wrote:
> H. Carter Harris wrote:
> >I have a test apache system where I am trying to learn how to use it.
> >I got the access_log file working and I noticed the following
> >entries in the log:
> >
> >66.137.7.57 - - [02/Dec/2002:19:49:26 -0500] "GET
> >/scripts/..%255c%255c../winnt/system32/cmd.exe?/c+dir" 404 -
>
> <snip>
>
> >This installation is on a Mandrake Linux box, not NT. Is someone
> >trying to hack into the system?
>
> Yeah, script-kiddies and their bots. A PITA.
>
> BTW, your clock is off by 12 hours or so>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org