[GLLUG] apache security, file permissions and screen settings

Seth Bembeneck sbdataspiller at sbcglobal.net
Fri Dec 5 11:03:00 EST 2003 

First: Apache security

I just checked my apache log and saw these entrees:

+++

68.113.22.41 - - [04/Dec/2003:23:32:57 +0000] "GET
/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 392 "-" "-"

68.113.22.41 - - [04/Dec/2003:23:33:02 +0000] "GET
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/sy
stem32/cmd.exe?/c+dir HTTP/1.0" 404 408 "-" "-"

68.113.22.41 - - [04/Dec/2003:23:33:07 +0000] "GET
/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374 "-" "-"

68.113.22.41 - - [04/Dec/2003:23:33:12 +0000] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374 "-" "-"

68.113.22.41 - - [04/Dec/2003:23:33:17 +0000] "GET
/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374 "-" "-"

68.113.22.41 - - [04/Dec/2003:23:33:31 +0000] "GET
/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374 "-" "-"

68.113.22.41 - - [04/Dec/2003:23:33:37 +0000] "GET
/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 365 "-" "-"

68.113.22.41 - - [04/Dec/2003:23:33:44 +0000] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 365 "-" "-"

68.113.22.41 - - [04/Dec/2003:23:33:49 +0000] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 375 "-"
"-"

68.113.22.41 - - [04/Dec/2003:23:33:54 +0000] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 375 "-" "-"

 

+++

Looks to me like some one trying to access my system, am I right? This made
me start to question how secure my system is.

 

Can any one give any steps on how to make sure it is secure? Any tests that
can be run?

 

Second: File permissions (probabely could also go under number 1):

 

What should the permissions be for the /var/www/localhost/cgi-bin folder be?
For the scripts in side the folder?

 

Third: Screen Resolution and Refresh rate

 

I just got an LCD monitor. How do I change the resolution and refresh rate
for the x server?

 

For all of the above, I'm using Gentoo as my OS.

 

Thanks,

 

Seth Bembeneck

sbdataspiller at sbcglobal.net

 

           ^

        (0 0)

--(((---v---)))----

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.egr.msu.edu/archives/public/linux-user/attachments/20031205/9267e669/attachment.htm

More information about the linux-user mailing list