[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Top command results

Subject: Re: [cobalt-users] Top command results
From: "H.P. Stroebel" <hpstr@xxxxxxxxxxxxx>
Date: Fri Aug 11 12:18:03 2000
Organization: Rechtsanwalt

Worldwide Beauty Store Staff schrieb:

> FakePHF  (free script)

i don`t know that script. obviously (name) it is to fake the apache`s
phf bug ?

every hacker/cracker only few above script kid level does not even try
anymore the phf exploit, that concerned apache versions until 1.0.3, to
avoid triggering the phf logging function in newer apache versions.

anyone using such software dinosaurs should have some other, more
serious security problems.

of course, auditing tools like nessus try the phf exploit, but you can
use internal apache functions to log/report that (in my opinion,
relatively useless).

in no way does this script (if it is what i assume) provide higher
security.

-- 

H. P.  Stroebel, Germany

CGI-FAQ for Raq-Newbies :
http://users.iol.it/hpstr/

A problem to some is a 'feature' to others.

References:
- RE: [cobalt-users] Top command results
  - From: Alonso Garcia
- Re: [cobalt-users] Top command results
  - From: Worldwide Beauty Store Staff

Prev by Date: Re: [cobalt-users] Email software
Next by Date: Re: [cobalt-users] WildCard DNS
Previous by thread: Re: [cobalt-users] Fake PHF script
Next by thread: [cobalt-users] Storage Facility?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index