Anyone notice strange goings-on with Apache? [weird] [openbsd]

Q: OpenBSD's misc@ list (http://marc.theaimsgroup.com/?l=-misc&m=101582610108643&w=2)
vuln-dev list (http://marc.theaimsgroup.com/?l=vuln-dev&m=101461114200301&w=2)

The first just seems weird, and the second one I haven't finished reading. I'm going to be checking my logs when I get the chance, just wondering if anyone else here is seeing strange things.

Just a few posts. (http://lists.bikkel.org/archive/whitehat/Week-of-Mon-20020128/001823.html)


Re:<<

<< any idea why i'm getting processes segfaulting? >>

Still running 1.3.3? If so, UPGRADE ;) >>

I guess I shouldn't have removed as much as I did… I think doing that would require that I install dozens of other things :)


Re:<< hmm… i just looked it up and you're right. >>

That surprises you? :P

I have Linux versions of v4.5 and v5 on my shelf. I don't remember when they started on linux, but v4.5 lists RedHat 6.0/6.1 as a requirement and has a copyright date of 1999.


Re:<< any idea why i'm getting processes segfaulting? >>

Still running 1.3.3? If so, UPGRADE ;)


Re:<<

<< as everyone here knows coldfusion only runs on windows >>

ColdFusion runs both on Windows and Linux. >>

hmm… i just looked it up and you're right. i wonder if the older versions supported linux. i'm fairly sure it didn't, the anandtech server upgrade page once said so i think, or at least hinted at it. whatever :)


Re:any idea why i'm getting processes segfaulting?

Re:<< as everyone here knows coldfusion only runs on windows >>

ColdFusion runs both on Windows and Linux.


Re:<< I've got nothing out of the ordinary, maybe it's because my webserver is running on a sparc64? >>

I don't really have anything out of the ordinary either, but from the reports I've seen it's been on a variety of platforms. Probably just buggy admins or something. :P


Re:I've got nothing out of the ordinary, maybe it's because my webserver is running on a sparc64?

Re:<< i had a lot of "Client sent malformed Host header" as well as a few nimda/code red errors.

there was one other thing that i failed to notice about 2 weeks ago where someone was apparently spoofing my address and searching for every file and directory under the sun. Maybe something i ran on my machine was trying to search for files, or maybe someone was searching for something, i'm not sure. here's a snippet of a bunch of the crap in my error log:

[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/cfdocs/
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/scripts/
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/cfcache.map
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/cfide/Administrator/startstop.html
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/cfappman/index.cfm
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] attempt to invoke directory as script: /var/www/cgi-bin
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] script not found or unable to stat: /var/www/cgi-bin/dbmlparser.exe
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/_vti_inf.html
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/_vti_pvt/
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] script not found or unable to stat: /var/www/cgi-bin/webdist.cgi
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] script not found or unable to stat: /var/www/cgi-bin/handler

some of that stuff looks like windows crap, but i'm not sure about it all. for example, the line that looks for index.cfm…. that's for coldfusion files and as everyone here knows coldfusion only runs on windows. maybe it's an aspect of nimda/code red that i'm not aware of. >>

Never seen that… I thought coldfusion ran on linux too though? I've never looked into it :P


Re:i had a lot of "Client sent malformed Host header" as well as a few nimda/code red errors.

there was one other thing that i failed to notice about 2 weeks ago where someone was apparently spoofing my address and searching for every file and directory under the sun. Maybe something i ran on my machine was trying to search for files, or maybe someone was searching for something, i'm not sure. here's a snippet of a bunch of the crap in my error log:

[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/cfdocs/
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/scripts/
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/cfcache.map
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/cfide/Administrator/startstop.html
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/cfappman/index.cfm
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] attempt to invoke directory as script: /var/www/cgi-bin
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] script not found or unable to stat: /var/www/cgi-bin/dbmlparser.exe
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/_vti_inf.html
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/_vti_pvt/
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] script not found or unable to stat: /var/www/cgi-bin/webdist.cgi
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] script not found or unable to stat: /var/www/cgi-bin/handler

some of that stuff looks like windows crap, but i'm not sure about it all. for example, the line that looks for index.cfm…. that's for coldfusion files and as everyone here knows coldfusion only runs on windows. maybe it's an aspect of nimda/code red that i'm not aware of.
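
Added example, not part of the original thread: one way to pick a burst like the one in the post above out of an Apache 1.3 error_log, by flagging clients that miss on many distinct paths within a few seconds and labelling which product the probed paths belong to. The thresholds (`min_paths`, `window_s`) and the `FAMILIES` mapping are assumptions of this example; the sample lines are copied from posts in this thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache 1.3 error_log: [timestamp] [level] [client ip] message
LINE_RE = re.compile(r"^\[([^\]]+)\] \[(\w+)\] \[client ([^\]]+)\] (.*)$")
# Messages Apache logs when a requested resource is missing.
MISS_RE = re.compile(r"^(?:File does not exist|script not found or unable to stat"
                     r"|attempt to invoke directory as script): (.+)$")
# Assumed mapping from path fragments to the product a probe is aimed at.
FAMILIES = {
    "coldfusion": ("/cfdocs", "/cfide", "/cfappman", "cfcache.map", ".cfm"),
    "frontpage": ("/_vti_",),
    "windows-iis": ("cmd.exe", "/msadc", "/scripts"),
}

def find_probers(lines, min_paths=5, window_s=10):
    """Map clients with >= min_paths distinct misses in window_s seconds to probed families."""
    misses = defaultdict(list)  # client -> [(timestamp, lowercased path)]
    for line in lines:
        m = LINE_RE.match(line.strip())  # lines without [client ...] are skipped
        miss = MISS_RE.match(m.group(4)) if m else None
        if miss:
            ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            misses[m.group(3)].append((ts, miss.group(1).lower()))
    flagged = {}
    for client, hits in misses.items():
        hits.sort()
        for start, _ in hits:  # slide a window starting at each miss
            burst = {p for t, p in hits
                     if 0 <= (t - start).total_seconds() <= window_s}
            if len(burst) >= min_paths:
                flagged[client] = sorted(
                    fam for fam, frags in FAMILIES.items()
                    if any(f in p for p in burst for f in frags))
                break
    return flagged

# Sample input: log lines copied from the posts in this thread.
SAMPLE = """\
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/cfdocs/
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/scripts/
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/cfappman/index.cfm
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] File does not exist: /home/guy/WWW/_vti_pvt/
[Tue Jan 29 18:55:56 2002] [error] [client 134.126.171.78] script not found or unable to stat: /var/www/cgi-bin/webdist.cgi
[Sun Mar 10 06:03:34 2002] [notice] httpd: child pid 4604 exit signal Segmentation fault (11)
[Sun Mar 10 06:03:35 2002] [error] [client 216.201.167.18] File does not exist: /home/httpd/html/scripts/..A..A..A..Awinnt/system32/cmd.exe
[Sun Mar 10 06:03:35 2002] [error] [client 216.201.167.18] File does not exist: /home/httpd/html/msadc/.. .. .. .. dwinnt/system32/cmd.exe
""".splitlines()
```

With the default threshold only the client that requested many different paths in one second is flagged; the two `cmd.exe` requests from the other client stay below it.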


Re:Could this be a lame attempt at exploiting that little PHP upload problem?

Re:<< The last time I checked, 3 was less than 22. ;)

Sorry, but I am a complete idiot when it comes to Apache, so I can't help you there. >>

oh yeah… i'm used to the world of windoze where 3 is >29 and less than 31 ;) although i shoulda figured it out since linux 2.4.17 is newer than 2.4.1, huh? ;)

I also have a lot of malformed header errors.

It would be amusing to get that box rooted… I'm sure the owner of whatever IP block attacks would be pleased to hear ;)


Re:Just checked my logs for the last month and nothing but the usual NIMDA and CodeRed scans….

Re:I'm getting a lot of "Client sent malformed Host header" errors, but other than that nothing new.

Re:The last time I checked, 3 was less than 22. ;)

Sorry, but I am a complete idiot when it comes to Apache, so I can't help you there.


Re:i guess nobody has? bump.

edit: is the versioning for "httpd" with redhat different from apache?


Re:RedHat 5.2 is from 1998 I believe, I'd have to check on when apache 1.3.3 or whatever was released, but it was probably around the same time. You should really update everything :P

Re:I just saw this in my log…

<< [Sun Mar 10 06:03:35 2002] [error] [client 216.201.167.18] File does not exist: /home/httpd/html/scripts/..A..A..A..Awinnt/system32/cmd.exe
[Sun Mar 10 06:03:34 2002] [notice] httpd: child pid 4604 exit signal Segmentation fault (11)
[Sun Mar 10 06:03:35 2002] [notice] httpd: child pid 4600 exit signal Segmentation fault (11)
[Sun Mar 10 06:03:35 2002] [notice] httpd: child pid 4593 exit signal Segmentation fault (11)
[Sun Mar 10 06:03:35 2002] [notice] httpd: child pid 4592 exit signal Segmentation fault (11)
[Sun Mar 10 06:03:35 2002] [error] [client 216.201.167.18] File does not exist: /home/httpd/html/msadc/.. .. .. .. dwinnt/system32/cmd.exe >>

redhat 5.2
apache 1.3.3, built on oct 13, 1998.

on my windoze box, I have a few hundred pages of data from all the files in the directory where my verilog software is installed, but I'm assuming/hoping that this is the result of my bad hard drive and not an apache issue.

other than that, my logs are full of the usual: a little real traffic, and billions of nimda's with a few code reds.

edit: WTF? if the current is 1.3.22, how do I have 1.3.3 in redhat 5.2?? or is this a different version numbering?

