Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Peter Pentchev (roamorbitel.bg)
Date: Thu Jun 14 2001 - 09:05:58 CDT
On Thu, Jun 14, 2001 at 08:08:36AM -0500, default013 - subscriptions wrote:
> Hello, I've been advised that someone is attempting to break into my box,
> and I know that this person is knowledgeable so I've been watching for
> unusual activity...
> I noticed this entry in one of my apache logfiles yesterday, and was
> wondering if anyone could explain to me what this is:
> mydomainname.com otherguyshostname.com - - [12/Jun/2001:18:21:35 -0500]
> "HEAD / HTTP/1.0" 200 0 "-"
> It appears to me like they somehow executed the 'head' command... how would
> one do this, and how could you stop it?
They did not execute the head(1) command that you would execute if you
typed 'head /etc/motd' on your shell prompt; they made an HTTP HEAD
request, the point of which is to get the headers you would get on a GET
request, without the page itself - this is handy for browsers that want
to check if a particular page has changed.
But yes, as discussed in the thread, the goal was probably to check
your Apache's version.
-- This sentence contains exactly threee erors.
To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message