Page last updated:
2001 Dec 30 17:07

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] wtf?!? heads up on doorknob twisting



On Sat, 28 Jul 2001, Peter Jay Salzman wrote:
> so i'm editing the apache error file, trying to iron out a few bugs in a perl
> cgi.   what i like to do is try to fix the problem, place a
> 
> ==========
> 
> at the end of the file, and retry.  this makes it easier to see what errors
> remain, so i don't confuse the previous errors with the current errors.  i go
> to write the file and see the message
> 
> 
> 	file has changed since last reading.  still write file (y/n)?

If you are having apache use the "system logger" you may want to check out
"logger" (command) for adding messages to log files that are being
written. Not doing this means you are opening a file for editing that was
opened for writing. If the editor does file locking, you could end up with
problems such as lost data after saving when other changes have occurred
since your edit. (The warning from your editing of the file to add the
"===="

You may want to experiment with 
echo "========" >> /location/of/httpd/log/file.log
since loglines are generally line-based, this should not interrupt a
"stream" of data, but instead just add a line after the last added log
entry.

You might want to experiment with this though as on older systems I had
problems with appended writes breaking the logging to the file I appended.

> i quit without saving, and re-edit the file.  here's what i'm staring at:
> 
> [Sat Jul 28 08:23:02 2001] [error] [client 66.74.250.139] script not found or
> 	unable to stat: /usr/lib/cgi-bin/formmail.pl
> [Sat Jul 28 08:23:02 2001] [error] [client 66.74.250.139] script not found or
> 	unable to stat: /usr/lib/cgi-bin/formmail.cgi
> 
> now this looks fishy.  in fact, i find:
> 
> [Fri Jul 27 07:38:09 2001] [error] [client 172.149.146.140] script not found or unable to stat: /usr/lib/cgi-bin/formmail.cgi
> [Fri Jul 27 07:38:12 2001] [error] [client 172.149.146.140] script not found or unable to stat: /usr/lib/cgi-bin/formmail.pl
> [Fri Jul 27 12:46:24 2001] [error] [client 209.9.133.3] script not found or unable to stat: /usr/lib/cgi-bin/formmail.pl
> [Fri Jul 27 18:58:57 2001] [error] [client 24.21.118.170] File does not exist: /www/cgi-local/formmail.cgi
> [Sat Jul 28 08:23:02 2001] [error] [client 66.74.250.139] script not found or unable to stat: /usr/lib/cgi-bin/formmail.pl
> [Sat Jul 28 08:23:02 2001] [error] [client 66.74.250.139] script not found or unable to stat: /usr/lib/cgi-bin/formmail.cgi
> 
> seems like this is a popular script.  i've never heard of it.  after googling,
> i've found that this is a script that people can exploit to send spam.
> 
> i just wanted other people to be aware of this.  formmail dne on my machine.
> it could be on other peoples' machines.

You bring up a very good point here. It is a good idea for people to check
their cgi directory. If there are cgi there that they do not use, then they
may want to think about moving them to another non-public dir and/or
disabling the cgi/shtml/perl/etc-scripting modules from their web server
in the standard httpd.conf or srm.conf depending on the age of their
apache server.

-ME
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++ 
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ !PGP
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
     Systems Department Operating Systems Analyst for the SSU Library
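
Added example, not part of the original post: a small Python summary of an Apache error log in the format quoted above, listing script names that do not exist on the server but were requested by several different clients. The function names, the extension list and the min_clients threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

# Apache error_log entry in the format quoted in the post.
ENTRY = re.compile(
    r"^\[[^\]]+\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"(?:script not found or unable to stat|File does not exist): (?P<path>\S+)$")
SCRIPT_EXT = (".pl", ".cgi")  # assumption: extensions counted as CGI requests

def unwrap(lines):
    """Rejoin entries whose tail was wrapped onto an indented continuation line."""
    out = []
    for line in lines:
        if out and line[:1] in (" ", "\t") and line.strip():
            out[-1] += " " + line.strip()
        elif line.strip():
            out.append(line.rstrip())
    return out

def missing_script_probes(lines):
    """Map script name -> {client: [paths]} for requests to scripts that do not exist."""
    probes = defaultdict(lambda: defaultdict(list))
    for entry in unwrap(lines):
        m = ENTRY.match(entry)
        if m and m["path"].lower().endswith(SCRIPT_EXT):
            name = m["path"].rsplit("/", 1)[-1].rsplit(".", 1)[0].lower()
            probes[name][m["client"]].append(m["path"])
    return probes

def report(lines, min_clients=2):
    """(name, distinct clients, requests) for names asked for by >= min_clients clients."""
    rows = [(name, len(clients), sum(map(len, clients.values())))
            for name, clients in missing_script_probes(lines).items()
            if len(clients) >= min_clients]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

# Entries quoted in the post (one left wrapped as mailed); the 192.0.2.10 lines are constructed.
SAMPLE = """\
[Fri Jul 27 07:38:09 2001] [error] [client 172.149.146.140] script not found or unable to stat: /usr/lib/cgi-bin/formmail.cgi
[Fri Jul 27 07:38:12 2001] [error] [client 172.149.146.140] script not found or unable to stat: /usr/lib/cgi-bin/formmail.pl
[Fri Jul 27 12:46:24 2001] [error] [client 209.9.133.3] script not found or unable to stat: /usr/lib/cgi-bin/formmail.pl
[Fri Jul 27 18:58:57 2001] [error] [client 24.21.118.170] File does not exist: /www/cgi-local/formmail.cgi
[Sat Jul 28 08:23:02 2001] [error] [client 66.74.250.139] script not found or
    unable to stat: /usr/lib/cgi-bin/formmail.pl
[Sat Jul 28 08:23:02 2001] [error] [client 66.74.250.139] script not found or unable to stat: /usr/lib/cgi-bin/formmail.cgi
[Sat Jul 28 09:00:00 2001] [error] [client 192.0.2.10] File does not exist: /www/htdocs/favicon.ico
[Sat Jul 28 09:01:00 2001] [error] [client 192.0.2.10] script not found or unable to stat: /usr/lib/cgi-bin/test.pl
"""
```

Calling report(SAMPLE.splitlines()) on the sample lists formmail as requested by four distinct clients; for a live server, pass the lines of the error log file instead.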

