Date: Mon, 12 May 1997 14:07:55 -0700
Content-Type: text/plain
Chris Bartram writes:
> While this is a common trick in the Unix world, there is a program
> called 'phf' that is distributed with most every web server distribution
> in the world today, and a very commonly known "hack" to get it to return
> files (like /etc/passwd on Unix systems) to any user sending a properly
> formatted command to the web server over the net.
Apache/iX does *not* include phf.
Because I see these phf attempts against my own systems several times per
week, I wrote a cute little Perl CGI script to trap these requests, send me
an e-mail that lists all identifying environment information about the
attacker, and then display a cute little page back to the attacker warning
them that their feeble attempt has been detected.
To see it from an attacker's point of view, visit:
http://www.cccd.edu/cgi-bin/phf?hp3000-l
The hp3000-l part is just to let me know it's one of you guys and not an
actual break-in attempt.
The substitute script that does this is listed below:
#!/usr/bin/sh
# Drop-in replacement for /cgi-bin/phf: mail the request environment to the
# webmaster, then show the requester a warning page.
webmaster="[log in to unmask]"
# 'set' dumps every shell variable, including the CGI environment
# (REMOTE_ADDR, HTTP_USER_AGENT, QUERY_STRING, ...), into the mail body.
set | /usr/bin/mailx -s "WARNING: phf hack attack" "$webmaster"
# CGI header; printf is used because echo's handling of \n differs between shells.
printf 'Content-Type: text/html\n\n'
cat - <<EOF
<HTML>
<HEAD><TITLE>Get A Life!</TITLE></HEAD>
<BODY>
<H1>Get A Life!</H1>
<P>Your <A HREF="ftp://info.cert.org/pub/cert_advisories/CA-96.06.cgi_example_code">phf hack attack</A> has been intercepted, and the following identification
information has just been sent to the webmaster of this machine:</P>
<PRE>
EOF
# Only the request-related variables are echoed back. Their values are chosen
# by the requester, so escape &, < and > before placing them inside the HTML.
set | grep -e ^HTTP -e ^PATH_INFO -e ^QUERY_STRING -e ^REMOTE \
    | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
cat - <<EOF
</PRE>
<P>Why don't you find something more constructive to do with the obviously
excessive free time you have on your hands?</P>
</BODY>
</HTML>
EOF
--
Mark Bixby E-mail: [log in to unmask]
Coast Community College Dist. Web: http://www.cccd.edu/~markb/
District Information Services 1370 Adams Ave, Costa Mesa, CA, USA 92626-5429
Technical Support +1 714 438-4647
"You can tune a file system, but you can't tune a fish." - tunefs(1M)
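The phf requests described in the message above can also be spotted after the fact in the web server's access log. The following script is an added example, not part of the original post and not Apache/iX code: it parses Common Log Format lines, decodes the query string the way a CGI would see it, and reports every hit on /cgi-bin/phf, separating a bare probe (such as the ?hp3000-l test visit) from the CA-96.06 newline injection, where an encoded %0a inside a field such as Qalias ends phf's own command and the rest of the line runs as a shell command. The log lines, hosts and timestamps are constructed for the example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Common Log Format). Hosts, times and
# requests are made up for this example; they are not from the original post.
SAMPLE_LOG = """\
10.0.0.7 - - [12/May/1997:13:58:02 -0700] "GET /cgi-bin/phf?Qalias=x%0a/bin/cat%20/etc/passwd HTTP/1.0" 200 1512
10.0.0.9 - - [12/May/1997:14:01:17 -0700] "GET /cgi-bin/phf?hp3000-l HTTP/1.0" 200 611
10.0.0.3 - - [12/May/1997:14:02:40 -0700] "GET /~markb/ HTTP/1.0" 200 4321
10.0.0.7 - - [12/May/1997:14:03:05 -0700] "GET /cgi-bin/phf?Qalias=%0Aid HTTP/1.0" 200 598
"""

# Common Log Format: host ident authuser [time] "request" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: (?P<proto>\S+))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_clf(line):
    """Parse one CLF line into a dict, or return None if it does not match."""
    m = CLF_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry


def classify_phf(target):
    """Describe a request to /cgi-bin/phf, or return None for any other URL.

    The query string is decoded the way a CGI would see it. phf's escape_shell_cmd()
    did not escape the newline character (CERT CA-96.06), so a decoded newline in a
    field such as Qalias ends phf's own command and starts one chosen by the client.
    """
    path, _, query = target.partition("?")
    if not path.endswith("/phf"):
        return None
    decoded = unquote_plus(query)
    if "\n" in decoded:
        # Everything between the first newline and the next one is the injected command.
        injected = decoded.split("\n", 1)[1].split("\n", 1)[0]
        return {"kind": "command-injection", "query": decoded, "command": injected}
    return {"kind": "probe", "query": decoded, "command": None}


def scan(log_text):
    """Return one finding per phf request in the log, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_clf(line)
        if entry is None:
            continue
        verdict = classify_phf(entry["target"])
        if verdict is None:
            continue
        findings.append({"host": entry["host"], "time": entry["time"],
                         "status": entry["status"], **verdict})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['host']:<10} {f['kind']:<18} status={f['status']} "
              f"query={f['query']!r} command={f['command']!r}")
```

Run it as-is to see the three phf hits from the constructed log, or pass the contents of a real access log to scan(). The decoding step matters: a grep for "phf" finds the probe, but only after %0a is decoded can you tell a curious visitor from a request that was trying to run /bin/cat /etc/passwd.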