Preserved Topic: Security question (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=15713" title="Pages that link to Preserved Topic: Security question (Page 1 of 1)" rel="nofollow" >Preserved Topic: Security question <span class="small">(Page 1 of 1)</span>\$

Sash Paranoid (IV) Inmate From: Canada, Toronto Insane since: May 2000	posted 01-23-2001 05:32 I'm running IIS server on my WinNT box. I use it for my testing and for my small web site. Today I checked Log files which are normally placed in C:\WINNT\system32\LogFiles\W3SVC1. That way I can see the IP numbers of my visitors and the pages that they visited. One log is very very strange. 21:39:44 195.190.97.29 GET /.html/............./autoexec.bat 404 I wonder what was that guy trying to do? He didn't request any other page. Share your knowledge. It's a way to achieve immortality. [This message has been edited by Sash (edited 01-23-2001).]
mr.maX Maniac (V) Mad Scientist From: Belgrade, Serbia Insane since: Sep 2000	posted 01-23-2001 08:26 Hmm, most hacker 'wannabes' often try to call some script that accepts parameters with something like this "script.pl?param=../../secret.file" and on badly configured servers they might be able to get file contents (even if that file isn't located inside the server root), so besides setting your web server correctly, one other thing is to ensure that all scripts filter "../" from all parameters that they use.

Preserved Topic: Security question (Page 1 of 1) $Pages that link to <a href="https://ozoneasylum.com/backlink?for=15713" title="Pages that link to Preserved Topic: Security question (Page 1 of 1)" rel="nofollow" >Preserved Topic: Security question <span class="small">(Page 1 of 1)</span>\$

Sash
Paranoid (IV) Inmate

From: Canada, Toronto
Insane since: May 2000

posted 01-23-2001 05:32

I'm running IIS server on my WinNT box. I use it for my testing and for my small web site. Today I checked Log files which are normally placed in C:\WINNT\system32\LogFiles\W3SVC1. That way I can see the IP numbers of my visitors and the pages that they visited.
One log is very very strange.
21:39:44 195.190.97.29 GET /.html/............./autoexec.bat 404
I wonder what was that guy trying to do? He didn't request any other page.

Share your knowledge. It's a way to achieve immortality.

[This message has been edited by Sash (edited 01-23-2001).]

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 01-23-2001 08:26

Hmm, most hacker 'wannabes' often try to call some script that accepts parameters with something like this "script.pl?param=../../secret.file" and on badly configured servers they might be able to get file contents (even if that file isn't located inside the server root), so besides setting your web server correctly, one other thing is to ensure that all scripts filter "../" from all parameters that they use.

Maximum Security
OZONE
DHTML/Javascript
Server-Side Scripting - Oh my!
CSS - DOM - XHTML - XML - XSL - XSLT
Stupid Basic HTML
Visual Therapy
Photoshop
Photoshop Pong, Anyone?
*WARNING* BIG SIG APPROACHING
Photography
3D Modelling & Rendering
Multimedia/Animation
Print Graphics
Holding Pens
Philosophy and other Silliness
Outpatient Counseling
Site reviews!
Mad Scientists' Laboratory
Getting to know the Grail

Maximum Security

OZONE

DHTML/Javascript

Server-Side Scripting - Oh my!

CSS - DOM - XHTML - XML - XSL - XSLT

Stupid Basic HTML

Visual Therapy

Photoshop

Photoshop Pong, Anyone?

***WARNING*** BIG SIG APPROACHING

Photography

3D Modelling & Rendering