Preserved Topic: Security question $Pages that link to <a href="https://ozoneasylum.com/backlink?for=15713" title="Pages that link to Preserved Topic: Security question" rel="nofollow" >Preserved Topic: Security question\$

Author	Thread
Sash Paranoid (IV) Inmate From: Canada, Toronto Insane since: May 2000	posted 01-23-2001 05:32 I'm running IIS server on my WinNT box. I use it for my testing and for my small web site. Today I checked Log files which are normally placed in C:\WINNT\system32\LogFiles\W3SVC1. That way I can see the IP numbers of my visitors and the pages that they visited. One log is very very strange. 21:39:44 195.190.97.29 GET /.html/............./autoexec.bat 404 I wonder what was that guy trying to do? He didn't request any other page. Share your knowledge. It's a way to achieve immortality. [This message has been edited by Sash (edited 01-23-2001).]
mr.maX Maniac (V) Mad Scientist From: Belgrade, Serbia Insane since: Sep 2000	posted 01-23-2001 08:26 Hmm, most hacker 'wannabes' often try to call some script that accepts parameters with something like this "script.pl?param=../../secret.file" and on badly configured servers they might be able to get file contents (even if that file isn't located inside the server root), so besides setting your web server correctly, one other thing is to ensure that all scripts filter "../" from all parameters that they use.

Preserved Topic: Security question\$

Author

Thread

Sash
Paranoid (IV) Inmate

From: Canada, Toronto
Insane since: May 2000

posted 01-23-2001 05:32

I'm running IIS server on my WinNT box. I use it for my testing and for my small web site. Today I checked Log files which are normally placed in C:\WINNT\system32\LogFiles\W3SVC1. That way I can see the IP numbers of my visitors and the pages that they visited.
One log is very very strange.
21:39:44 195.190.97.29 GET /.html/............./autoexec.bat 404
I wonder what was that guy trying to do? He didn't request any other page.

Share your knowledge. It's a way to achieve immortality.

[This message has been edited by Sash (edited 01-23-2001).]

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted 01-23-2001 08:26

Hmm, most hacker 'wannabes' often try to call some script that accepts parameters with something like this "script.pl?param=../../secret.file" and on badly configured servers they might be able to get file contents (even if that file isn't located inside the server root), so besides setting your web server correctly, one other thing is to ensure that all scripts filter "../" from all parameters that they use.