Subj : Apache 1.3.22 up but?
To   : Mike Luther
From : mark lewis
Date : Sat Nov 03 2001 04:10 am

ml>> uuuggghhh... and here i sit behind injoy v2.0b with
ml>> nothing else between that box and the net... have that
ml>> apache/2 1.3.22 server running and a couple of
ml>> aliasmatch statements in httpd.conf to at least send
ml>> something i want to send back... in fact, my stuff has
ml>> a bit more output than many because i fully expect
ml>> that some stuff may be being sent manually by a person
ml>> attempting to hack in themselves...

ML> Interesting.

what's interesting? the part about me just using injoy v2.0b or the part about
manually keying those URLs?

FWIW: it is the manual keying of those URLs that allows one to begin to
"counter-attack"... if on of those /c+dir commands returns a directory listing,
then the system security is compromised enough to get a start at beating the
nasty down... but it does require the use of other tools and accessing the
system via additional means... on a windows box, start->run and entering

 \\ip.number.of.machine\c$

will gain you access to the compromised system's c$ share... one can also do
the same for the \ipc$ share... this only works if that security stuff is
compromised like the webserver's security has been... once one can access the
\c$ (or whatever$) on a windows box, it's all GUI from there, pretty much...
one can drag'n'drop anything from either machine to anywhere else... hehe, a
"funny" i did one time was to copy files that i had created from one
compromised box to another compromised box... i did that only just to see if it
would work... i highly suspected it would and was rewarded for my efforts
<<GG>>

ml>> here's those aliasmatch statements...

ML> Snipped for bandwidth but put into the keep and learn how to
ML> do this!

ml>> you might also find this one useful...

ML> Ditto.

you're welcome <<GG>>

ml>>  RedirectMatch (.*).ico$ http://www.microsoft.com$1.ico

ml>> # That one liner above will redirect all ".ico" request from
ml>> # your server to the Microsoft server. Now you'll be letting
ml>> # their damm server deal with the errors and bandwidth. It
ml>> # will NOT interupt your traffic at all! If MS is going to
ml>> # request files from your server, it's only appropriate that
ml>> # they deal with the problems they cause...

ML> Mmm . Mint Cookies, saved in notebook!  Gee how little I know,
ML>  And I never really wanted to .. oh well.  Such is life! ;)

hehehe, i know that feeling... the more i dig into the webserver stuff,
especially apache, the more i want to try to create a bbs loadable module for
it... however, i don't have the time or the drive (sadly) as i once did... not
to mention that after 20+ years of being involved in the computer industry, i'm
in the process of a major career change... seems that driving a tractor-trailer
rig can net me more than double anything i've made working in the industry all
these years and with a whole lot less stress... i just hope that boredom
doesn't set in as it has with computers and lead to a burnout situation like
i've had to deal with over the last few years... one can only answer the same
question so many times before one explodes...

[chomping here to carry rest to another message due to the length that some of
these have been getting to. it's a human thing rather than a technical thing
<<GG>>]

)\/(ark


* Origin: (1:3634/12)

You are viewing proxied material from cvs.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.