[GLLUG] apache security, file permissions and screen settings

Michael Watters wattersm at wattersm.net
Fri Dec 5 17:52:35 EST 2003 

Seth Bembeneck wrote:
> First: Apache security
> 
> I just checked my apache log and saw these entrees:
> 
> +++
> 
> 68.113.22.41 - - [04/Dec/2003:23:32:57 +0000] "GET 
> /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir 
> HTTP/1.0" 404 392 "-" "-"
> 
> 68.113.22.41 - - [04/Dec/2003:23:33:02 +0000] "GET 
> /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir 
> HTTP/1.0" 404 408 "-" "-"
> 
> 68.113.22.41 - - [04/Dec/2003:23:33:07 +0000] "GET 
> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374 "-" "-"
> 
> 68.113.22.41 - - [04/Dec/2003:23:33:12 +0000] "GET 
> /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374 "-" "-"
> 
> 68.113.22.41 - - [04/Dec/2003:23:33:17 +0000] "GET 
> /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374 "-" "-"
> 
> 68.113.22.41 - - [04/Dec/2003:23:33:31 +0000] "GET 
> /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374 "-" "-"
> 
> 68.113.22.41 - - [04/Dec/2003:23:33:37 +0000] "GET 
> /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 365 "-" "-"
> 
> 68.113.22.41 - - [04/Dec/2003:23:33:44 +0000] "GET 
> /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 365 "-" "-"
> 
> 68.113.22.41 - - [04/Dec/2003:23:33:49 +0000] "GET 
> /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 375 
> "-" "-"
> 
> 68.113.22.41 - - [04/Dec/2003:23:33:54 +0000] "GET 
> /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 375 "-" "-"
> 
>  
> 
> +++
> 
> Looks to me like some one trying to access my system, am I right? This 
> made me start to question how secure my system is.
> 
>  
> 
> Can any one give any steps on how to make sure it is secure? Any tests 
> that can be run?
> 
>  
> 
> Second: File permissions (probabely could also go under number 1):
> 
>  
> 
> What should the permissions be for the /var/www/localhost/cgi-bin folder 
> be? For the scripts in side the folder?
> 
>  
> 
> Third: Screen Resolution and Refresh rate
> 
>  
> 
> I just got an LCD monitor. How do I change the resolution and refresh 
> rate for the x server?
> 
>  
> 
> For all of the above, I’m using Gentoo as my OS.
> 
>  
> 
> Thanks,
> 
>  
> 
> Seth Bembeneck
> 
> sbdataspiller at sbcglobal.net
> 
>  
> 
>            ^
> 
>         (0 0)
> 
> --(((---v---)))----
> 
>  
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> linux-user mailing list
> linux-user at egr.msu.edu
> http://www.egr.msu.edu/mailman/listinfo/linux-user

Those are just Code Red or Nimda attacks so you really don't have to 
worry about them.

CGI scripts should be executable for the web server to access them, 
usually chmod 755 works.

You can edit /etc/X11/XF86Config for the screen refresh rates, they are 
listed under the Monitor section.

More information about the linux-user mailing list