Re: [OCLUG-Tech] Apache sercuity question

2011-12-16 Thread Bill Strosberg
On 11-12-13 12:37 PM, Bart Trojanowski wrote: > > http://www.jukie.net/~bart/html_test/?foo=foo > > html_test/index.html is just a static html. It returns 200. the foo=foo > seems to be ignored. > > -Bart > All this stuff is predicated on the webserver allowing bad things to happen. In

Re: [OCLUG-Tech] Apache sercuity question

2011-12-14 Thread Peter Sjoberg
On Wed, 2011-12-14 at 09:07 -0500, Brenda J. Butler wrote: > On Tue, Dec 13, 2011 at 12:37:11PM -0500, Bart Trojanowski wrote: > > 2011/12/13 Jean-Fran?ois Bilodeau > > > > > It should, but if the probe was successful with > > > /?file=../../../../../../proc/self/environ%00, that tells me that th

Re: [OCLUG-Tech] Apache sercuity question

2011-12-14 Thread Brenda J. Butler
On Tue, Dec 13, 2011 at 12:37:11PM -0500, Bart Trojanowski wrote: > 2011/12/13 Jean-Fran?ois Bilodeau > > > It should, but if the probe was successful with > > /?file=../../../../../../proc/self/environ%00, that tells me that the index > > may be a script (ie: index.php instead of index.html). >

Re: [OCLUG-Tech] Apache sercuity question

2011-12-13 Thread Bart Trojanowski
2011/12/13 Jean-François Bilodeau > It should, but if the probe was successful with > /?file=../../../../../../proc/self/environ%00, that tells me that the index > may be a script (ie: index.php instead of index.html). > > Another possibility is that the query string was indeed ignored, and there

Re: [OCLUG-Tech] Apache sercuity question

2011-12-13 Thread Jean-François Bilodeau
On 13/12/2011 10:02 AM, Bart Trojanowski wrote: > 2011/12/13 Jean-François Bilodeau > > > May I recommend that instead of banning, you close the security hole? > Disable whatever is allowing content access via ?xxx=. > > > Doesn't that mean stopping apach

Re: [OCLUG-Tech] Apache sercuity question

2011-12-13 Thread Bart Trojanowski
2011/12/13 Jean-François Bilodeau > May I recommend that instead of banning, you close the security hole? > Disable whatever is allowing content access via ?xxx=. > > Doesn't that mean stopping apache? I am not a web developer of any means, but I think you can pass a ?xxx= request to index.html.

Re: [OCLUG-Tech] Apache sercuity question

2011-12-13 Thread Jean-François Bilodeau
On 13/12/2011 9:34 AM, Jeffrey Moncrieff wrote: > > Hello > > I have am host a couple of virtual web servers at home. The sites are not > that busy. But I am seeing a lot of 404 errors and this morning I was > checking my daily logwatch report and I spotted some weird in the logs > >A tota

Re: [OCLUG-Tech] Apache sercuity question

2011-12-13 Thread Woogie
You're looking for fail2ban, a program which combines active log-monitoring with IP blacklisting and other response measures. You can configure it so that after "X" 404s from a single client, that client gets their IP blacklisted for Y hours. On Tue, Dec 13, 2011 at 9:34 AM, Jeffrey Moncrieff wro

[OCLUG-Tech] Apache sercuity question

2011-12-13 Thread Jeffrey Moncrieff
Hello I have am host a couple of virtual web servers at home. The sites are not that busy. But I am seeing a lot of 404 errors and this   morning I was checking my daily logwatch report and I spotted some weird  in the logs   A total of 2 sites probed the server     122.255.96.164     85.88.