Hello,

While this is a common trick in the Unix world, there is a program called 'phf' that is distributed with most every web server distribution in the world today, and a very commonly known "hack" to get it to return files (like /etc/passwd on Unix systems) to any user sending a properly formatted command to the web server over the net.

While there's no /etc/passwd on a 3000 to worry about, the phf program is probably still best disabled or removed. It's in the cgi-bin directory of your web server software.

If you think people don't know about and try to take advantage of this trick, here's an excerpt from our server's error log (note these appear in our error log because we removed the phf program -- if you didn't, you might want to search your *access* log for evidence of attempted intruders):

/WWW/WWW/ARPA/httpd_1.3/logs>cat error | grep phf
[Sun Mar 23 11:22:39 1997] httpd: access to /cgi-bin/phf?Qname=%0Acat%20/etc/p swd denied for t6o16p8.telia.com, reason: file not found
[Sun Apr 6 17:37:06 1997] httpd: access to /cgi-bin/phf?Qalias=x%0a/bin/cat%2 etc/passwd denied for wxs7-2.worldaccess.nl, reason: file not found
[Tue Apr 8 15:17:31 1997] httpd: access to /cgi-bin/phf?Qalias=x%0a/bin/cat%2 etc/passwd denied for wxs8-14.worldaccess.nl, reason: file not found
[Thu Apr 17 06:47:50 1997] httpd: access to /cgi-bin/phf?Q=%0aid denied for pc -slip.ccs-stag.deakin.edu.au, reason: file not found
[Mon Apr 21 15:03:31 1997] httpd: access to /cgi-bin/phf?Qalias=x%0a/bin/cat%2 etc/passwd denied for wxs8-4.worldaccess.nl, reason: file not found
[Wed Apr 23 06:58:00 1997] httpd: access to /cgi-bin/phf?Qname=asd=%0acat%20/e /passwd denied for wimol2.wimol.ksc.co.th, reason: file not found
[Mon May 5 06:27:41 1997] httpd: access to /cgi-bin/phf?Qalias=x%0a/bin/cat%2 etc/passwd denied for 139.134.243.139, reason: file not found

That's seven dweebs that have tried to get /etc/passwd on our *hp3000* just since March 23 (when our current log file started).

While I don't know if phf can get to files in other accounts on the 3000(?), it's still best disabled.

Be careful out there.

-Chris Bartram

Chris Bartram
Sales (US): 800 Net-Mail  Fax: +1 703 451-3720
            +1 703 569-9189
Sales (Europe): +44(1480)414131  Fax: +44(1480)414134
Sales (Pacific Rim): +61 3 9489 8216 (same for fax)
Tech Support: +1 703 569-9189  Fax: +1 703 451-3720
Associates, Inc., 6901 Old Keene Mill Rd Suite 500 Springfield VA 22150
Gopher: gopher.3k.com  Anon-FTP: ftp.3k.com  WWW: http://www.3k.com/
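
The access-log search suggested in the message above, as an added example that is not part of the original post. It assumes the access log is in NCSA Common Log Format; the function name, hostnames, times and sizes in the sample lines are constructed, and the one query string reused from the excerpt is the complete `Q=%0aid` request.

```python
import re
from urllib.parse import urlsplit, unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

def find_phf_probes(lines):
    """Return one dict per logged request whose path ends in /phf."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line (e.g. an error-log entry); skip it
        host, when, _method, target, status = m.groups()
        parts = urlsplit(target)
        # Decode the path too, so an encoded spelling of "phf" is still caught
        if not unquote(parts.path).lower().endswith("/phf"):
            continue
        query = unquote(parts.query)
        hits.append({
            "host": host,
            "time": when,
            "status": int(status),
            # An encoded newline (%0a / %0A) in the query is the pattern
            # every request in the error-log excerpt shares
            "newline_in_query": "\n" in query or "\r" in query,
            # A 200 means phf is still installed and answered the request
            "phf_present": status == "200",
        })
    return hits

# Constructed sample input (assumption: CLF access log; hosts are placeholders)
SAMPLE = [
    'probe1.example.net - - [17/Apr/1997:06:47:50 -0400] "GET /cgi-bin/phf?Q=%0aid HTTP/1.0" 404 -',
    'probe2.example.net - - [18/Apr/1997:09:10:02 -0400] "GET /cgi-bin/phf?Q=%0Aid HTTP/1.0" 200 512',
    'user.example.org - - [18/Apr/1997:09:12:44 -0400] "GET /cgi-bin/phf?Qname=smith HTTP/1.0" 200 1024',
    'user.example.org - - [18/Apr/1997:09:13:01 -0400] "GET /index.html HTTP/1.0" 200 2048',
    '[Thu Apr 17 06:47:50 1997] httpd: an error-log style line, ignored here',
]

if __name__ == "__main__":
    for hit in find_phf_probes(SAMPLE):
        print(hit)
```

Entries with both `newline_in_query` and `phf_present` set are the ones to follow up first, since the program was still installed when the request arrived.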