Subj : Apache 1.3.22 up but? To : Mike Luther From : mark lewis Date : Sat Nov 03 2001 05:10 am ml>> uuuggghhh... and here i sit behind injoy v2.0b with ml>> nothing else between that box and the net... have that ml>> apache/2 1.3.22 server running and a couple of ml>> aliasmatch statements in httpd.conf to at least send ml>> something i want to send back... in fact, my stuff has ml>> a bit more output than many because i fully expect ml>> that some stuff may be being sent manually by a person ml>> attempting to hack in themselves... ML> Interesting. what's interesting? the part about me just using injoy v2.0b or the part about manually keying those URLs? FWIW: it is the manual keying of those URLs that allows one to begin to "counter-attack"... if on of those /c+dir commands returns a directory listing, then the system security is compromised enough to get a start at beating the nasty down... but it does require the use of other tools and accessing the system via additional means... on a windows box, start->run and entering \\ip.number.of.machine\c$ will gain you access to the compromised system's c$ share... one can also do the same for the \ipc$ share... this only works if that security stuff is compromised like the webserver's security has been... once one can access the \c$ (or whatever$) on a windows box, it's all GUI from there, pretty much... one can drag'n'drop anything from either machine to anywhere else... hehe, a "funny" i did one time was to copy files that i had created from one compromised box to another compromised box... i did that only just to see if it would work... i highly suspected it would and was rewarded for my efforts <> ml>> here's those aliasmatch statements... ML> Snipped for bandwidth but put into the keep and learn how to ML> do this! ml>> you might also find this one useful... ML> Ditto. you're welcome <> ml>> RedirectMatch (.*).ico$ http://www.microsoft.com$1.ico ml>> # That one liner above will redirect all ".ico" request from ml>> # your server to the Microsoft server. Now you'll be letting ml>> # their damm server deal with the errors and bandwidth. It ml>> # will NOT interupt your traffic at all! If MS is going to ml>> # request files from your server, it's only appropriate that ml>> # they deal with the problems they cause... ML> Mmm . Mint Cookies, saved in notebook! Gee how little I know, ML> And I never really wanted to .. oh well. Such is life! ;) hehehe, i know that feeling... the more i dig into the webserver stuff, especially apache, the more i want to try to create a bbs loadable module for it... however, i don't have the time or the drive (sadly) as i once did... not to mention that after 20+ years of being involved in the computer industry, i'm in the process of a major career change... seems that driving a tractor-trailer rig can net me more than double anything i've made working in the industry all these years and with a whole lot less stress... i just hope that boredom doesn't set in as it has with computers and lead to a burnout situation like i've had to deal with over the last few years... one can only answer the same question so many times before one explodes... [chomping here to carry rest to another message due to the length that some of these have been getting to. it's a human thing rather than a technical thing <>] )\/(ark * Origin: (1:3634/12) .