Re: [users@httpd] Security scanners.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sean Conner wrote:

[2]	Actually, I do know of some, but they're the software programs that
	are currently trying to break in through an insecure webserver or
	CGI scripts.  You can check your web logfiles and see plenty of
	those happening.  If any of those requests are 200, then there's a
	hole.

As often as not, those 200 often mean the server managed to respond with some
sane answer, while those that ARE NEVER LOGGED manged to segfault the server
during their processing.  A new httpd module, mod_log_forensic, is ment to
catch exactly this behavior, it logs a request -before it's processed- and then
at the end writes a corresponding completed entry.

Take the started entries, modulo all completed requests, and you find out any
requests which occured and never finished.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux