[Sysadmin] LogWatch for tempest

root root at tempest.evolt.org
Wed Jul 16 06:25:57 CDT 2008


 ################### LogWatch 5.2.2 (06/23/04) #################### 
       Processing Initiated: Wed Jul 16 06:25:21 2008
       Date Range Processed: yesterday
     Detail Level of Output: 10
          Logfiles for Host: tempest
 ################################################################ 

 --------------------- Cron Begin ------------------------ 

Commands Run:
   User dkaufman:
      /bin/date > $HOME/date.txt: 1440 Time(s)
   User dmah:
      /home/dmah/bin/article_reminder.pl: 1 Time(s)
      /home/dmah/bin/comment_reminder.pl: 1 Time(s)
   User mailman:
      /usr/bin/python -S /home/mailman/lists.evolt.org/cron/checkdbs: 1 Time(s)
      /usr/bin/python -S /home/mailman/lists.evolt.org/cron/disabled: 1 Time(s)
      /usr/bin/python -S /home/mailman/lists.evolt.org/cron/gate_news: 288 Time(s)
      /usr/bin/python -S /home/mailman/lists.evolt.org/cron/nightly_gzip: 1 Time(s)
      /usr/bin/python -S /home/mailman/lists.evolt.org/cron/senddigests: 1 Time(s)
   User root:
         run-parts --report /etc/cron.hourly: 24 Time(s)
        [ -d /var/lib/php4 ] && find /var/lib/php4/ -type f -cmin +$(/usr/lib/php4/maxlifetime) -print0 | xargs -r -0 rm: 48 Time(s)
      /store/host/browsers.evolt.org/mkarchivesize: 1 Time(s)
      /usr/bin/freshclam --quiet -l /var/log/clam-update.log: 1 Time(s)
      /usr/local/bin/planetupdate 1>/dev/null 2>&1: 24 Time(s)
      /usr/sbin/ntpdate -su us.pool.ntp.org us.pool.ntp.org: 1 Time(s)
      /var/qmail/bin/qmailstats 1>/dev/null 2>/dev/null: 1 Time(s)
      if [ -x /usr/bin/vnstat ] && [ `ls /var/lib/vnstat/ | wc -l` -ge 1 ]; then /usr/bin/vnstat -u; fi: 288 Time(s)
      test -x /usr/sbin/anacron || run-parts --report /etc/cron.daily: 1 Time(s)
      test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt: 1 Time(s)
      wget -O - -q http://evolt.org/cron.php: 72 Time(s)
   User www-data:
      [ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null: 144 Time(s)

 ---------------------- Cron End ------------------------- 


 --------------------- EXIM Begin ------------------------ 


--- Messages history ---

3 messages delivered immediately to 3 total recipients

 ---------------------- EXIM End ------------------------- 


 --------------------- httpd Begin ------------------------ 

10.89 MB transfered in 843 responses  (1xx 0, 2xx 502, 3xx 78, 4xx 263, 5xx 0) 
 54 Images (0.02 MB),
 8 Documents (0.00 MB),
 6 Archives (0.00 MB),
 1 Windows executable files (0.00 MB),
 625 Content pages (10.48 MB),
 11 Program source files (0.06 MB),
 138 Other (0.33 MB) 

Attempts to use 1 known hacks were logged 1 time(s)
  owssvr.dll   by 
          200.75.48.240 1 time(s) 

A total of 1 sites probed the server 
  200.75.48.240  

A total of 97 unidentified 'other' records logged
  GET /djc/stdio/index.cfm/daddy/show/mommy/94 HTTP/1.1 with response code(s) 1 404 responses
  GET /dshadovi/traffic.cfm HTTP/1.0 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating11.gif?hideattic=1&only_with_tag=MAIN&sortdir=down&view=markup HTTP/1.0 with response code(s) 1 200 responses
  GET //mantruc/blog HTTP/1.1 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/grabbag/status/demo/images/status.up.png?view=auto&rev=1.1&sortby=date&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating12.gif?annotate=1.2&hideattic=0&sortby=dat&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/beo_ng/favicon.ico?rev=1.1&view=log&hideattic=1&sortby=file&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating09.gif?rev=1.2&view=auto&hideattic=1&sortby=rev&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/cubes-1.png?hideattic=1&r1=1.1&rev=1.1&only_with_tag=HEAD&sortby=au&view=log HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating07.gif?annotate=1.2&hideattic=0&sortby=d&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/square-bullet-categories.gif?view=log&hideattic=1&only_with_tag=MAIN&sortdir=down&r1=1.1 HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating07.gif?rev=1.2&view=markup&hideattic=0&sortby=d&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/square-bullet-default.gif?sortby=date&only_with_tag=weo_theme-4-5 HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/quotes.png?rev=1.1&hideattic=1&only_with_tag=weo_theme-4-5&sortdir=down&view=markup HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/print.module?hideattic=1&r1=1.6&r2=1.20&only_with_tag=MAIN&sortby=log&sortdir=down HTTP/1.0 with response code(s) 1 200 responses
  GET /seb HTTP/1.0 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/.cvsignore?hideattic=0&sortby=log&sortdir=down&view=graph HTTP/1.1 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating01.gif?rev=1.2&view=auto&hideattic=1&sortby=date&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/beo_ng/beodl/Attic/mirrors-withdeouk.csv?view=graph&sortby=rev&only_with_tag=v3_0_0 HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/Attic/gold-cube.gif?hideattic=0&view=graph HTTP/1.1 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating05.gif?annotate=1.2&hideattic=0&sortby=l&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/beo_ng/mirrors/sites/flirble.org/location?only_with_tag=HEAD&sortdir=down&view=graph HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/cubes-3.png?view=markup&hideattic=1&sortby=au&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/Attic/evoltorg.psd?hideattic=0&sortby=log&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /rss/articles.rss HTTP/1.0 with response code(s) 1 404 responses
  GET /mantruc/blog HTTP/1.0 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/Attic/gold-cube.gif?only_with_tag=MAIN&hideattic=0 HTTP/1.1 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/atom03.gif?hideattic=0&sortby=log&view=graph HTTP/1.1 with response code(s) 1 200 responses
  - with response code(s) 31 408 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/print.module?r1=1.4&hideattic=1&sortby=au&r2=1.14&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/atom03.gif?hideattic=1&sortby=a&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/screenshot.png?sortby=log&sortdir=down&view=graph HTTP/1.1 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating01.gif?rev=1.2&hideattic=0&view=log HTTP/1.1 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/print.module?r1=1.16&hideattic=1&sortby=au&r2=1.5&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/redcube.gif?rev=1.1&hideattic=1&sortby=author&sortdir=down&view=markup HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating02.gif?r1=1.1&hideattic=0&sortby=file&r2=1.2&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /matthewo HTTP/1.1 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating04.gif?r1=1.1&hideattic=1&sortby=rev&view=log&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating01.gif?rev=1.2&view=auto&hideattic=1&sortby=file&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/beo_ng/beodl/Attic/mirrors-withdeouk.csv?rev=1.2&hideattic=1&sortby=author&view=auto HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/atom03.gif?rev=1.1&view=markup&hideattic=1&sortby=au&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /~atdt1991/uploads HTTP/1.1 with response code(s) 1 404 responses
  GET /jeff/code/character_converting_textarea.cfm HTTP/1.1 with response code(s) 1 404 responses
  GET /elfur HTTP/1.0 with response code(s) 1 404 responses
  GET /soichih HTTP/1.1 with response code(s) 2 404 responses
  GET /jesteruk/index/tutorials/programming/2/13/evolt.org/agent-v-agent HTTP/1.1 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/donatecube.gif?rev=1.1&view=markup&hideattic=1&sortby=log&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/square-bullet-default.gif?rev=1.1&view=auto&hideattic=1&sortby=log&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /artlung/using_form_fieldnames_cold_fusion.cfm HTTP/1.1 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/grabbag/status/demo/images/tab_home.gif?rev=1.1&view=auto&hideattic=0&sortby=rev&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /aleem HTTP/1.1 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/print.module?hideattic=1&sortby=au&r2=1.13&r1=1.16 HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/beo_ng/mirrors/sites/mirror.ac.uk/contact?rev=1.1&hideattic=0&sortby=rev&view=log HTTP/1.0 with response code(s) 1 200 responses
  GET /signup.cfm HTTP/1.1 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating07.gif?view=graph&hideattic=1&sortby=file&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating07.gif?r1=1.1&hideattic=1&sortby=l&view=log&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /jeff/code/js_url_variables/index.cfm HTTP/1.0 with response code(s) 3 404 responses
  GET /jeff/yahoo.cfm HTTP/1.1 with response code(s) 1 404 responses
  GET /frymaster HTTP/1.1 with response code(s) 1 404 responses
  GET /danfascia/index.cfm?case=pneumonia&section=clinical&page=1 HTTP/1.0 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating07.gif?r1=1.2&hideattic=1&sortby=file&view=log&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/square-bullet.gif?hideattic=0&sortby=log&view=graph HTTP/1.1 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating03.gif?hideattic=0&sortby=log&view=graph HTTP/1.1 with response code(s) 1 200 responses
  GET /jeff/code/dhtml_form_rollover/index.cfm HTTP/1.1 with response code(s) 3 404 responses
  GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1 with response code(s) 3 400 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating03.gif?sortby=file&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /Isaac HTTP/1.1 with response code(s) 1 404 responses
  GET /jeff/code/dhtml_form_rollover/index.cfm HTTP/1.0 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/print.module?r1=1.12&hideattic=1&sortby=au&r2=1.9&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/print.module?hideattic=1&sortby=au&r2=1.11&r1=1.16 HTTP/1.0 with response code(s) 1 200 responses
  GET /jeff/code/preload_n_rollover/index.cfm HTTP/1.1 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/beo_ng/beodl/Attic/mirrors.csv.sample?hideattic=1&sortdir=down&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /jeff/code/user_defined_colors.cfm HTTP/1.1 with response code(s) 2 404 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/print.module?r1=1.1&r2=1.2&sortby=log&sortdir=down&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /jeff/code/imagemap_rollover/index.cfm HTTP/1.0 with response code(s) 3 404 responses
  GET /cgi-bin/viewcvs.cgi/*checkout*/weo_theme/atom03.gif?rev=1.1 HTTP/1.1 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/beo_ng/mirrors/sites/mirror.ac.uk/description?rev=1.2&hideattic=1&sortby=l&view=log HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/beo_ng/beodl/Attic/mirrors.csv.sample?rev=1.2&view=auto&hideattic=0&sortby=dat&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/evoltorg.png?sortby=file&only_with_tag=MAIN HTTP/1.1 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/print.module?r1=1.4&hideattic=1&sortby=au&r2=1.2&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /%3Cabbr+title%3D%22Adobe%27s+Portable+Document+Format%22%3EPDF%3C%2Fabbr%3Es%2C+or+maybe+even+some+Zip+files+for+an+indefinite+period+of+time+and+presumably+with+the+understanding+that+someone+will+link+to+that+file+in+an+HTML+file%2C+and+then+sometime+later+someone+will+follow+that+link.+%3C%2Fp%3E%0A%0A%3Cp%3EIn+order+to+get+my+uninterrupted+sleepy+time%2C+I+like+to+do+what+I+can+to+limit+the+chance+that+someone+will+abuse+this+permission+to+upload+pooh+to+my+web+server.+Lets+define+our+risks.+There+are+two+distinct+cases+for+file+uploads%3A%3C%2Fp%3E%0A%0A%3Col%3E%0A%3Cli%3EThe+sender+is+someone+who+has+paid+me+for+the+right+to+personally+put+files+on+my+web+server.+I+know+who+this+person+is%2C+and+have+assigned+a+scheme+for+authenticating+this+person%27s+identity+before+the+upload+happens.+If+things+go+wrong+I+have+this+person%27s+phone+number%2C+a+valid+email+address%2C+and+maybe+even+a+hostage+credit+card.+%3C%2Fli%3E%0A%3Cli%3EThe+sender+is+visiting+a+website+on+my+server%2C+is+an+unauthorized+and+anonymous+user.+I+don%27t+know+who+to+yell+at+when+I+find+several+gigabytes+of+bootlegged+%3Cabbr+title%3D%22Mpeg+layer+3+audio%22%3EMP3%3C%2Fabbr%3Es+of+the+upcoming+tribute+album+to+Artis+the+Spoonman+on+my+server.%0A%3C%2Fli%3E%0A%3C%2Fol%3E+%0A%0A%3Cp%3ELet+us+presume+that+we+trust+the+authenticated+users+and+ignore+them+for+right+now.+We+want+to+focus+on+the+second+case+and+try+to+eliminate+some+of+the+potential+risks.%3C%2Fp%3E%0A%0A%3Cp%3EFirst+how+do+we+create+a+form+where+someone+can+upload+a+file%3F%3C%2Fp%3E%0A%0A%3Cpre%3E%0A%26lt%3B%21---+Beginning+for+your+file-upload+form+---%26gt%3B%0A%26lt%3Bform+action%3D%26quot%3B%23BuildSelfURL%28%29%23%26quot%3B+method%3D%26quot%3BPOST%26quot%3B+%0A++name%3D%26quot%3BMyForm%26quot%3B+enctype%3D%26quot%3Bmultipart%2Fform-data%26quot%3B%26gt%3B%0A++%26lt%3Binput+type%3D%26quot%3Bfile%26quot%3B+name%3D%26quot%3Bdocument%26quot%3B+size%3D%26quot%3B35%26quot%3B+%0A++++class%3D%26quot%3Bft%26quot%3B+accept%3D%26
quot%3Btext%2Fplain%2Capplication%2Fmsword%2C%26quot%3B+%0A++++++%26quot%3Bapplication%2Fpdf%2Capplication%2Frtf%2Capplication%2Fmspowerpoint%2C%26quot%3B+%26amp%3B+%0A++++++%26quot%3Bapplication%2Fx-visio%2Capplication%2Fexcel%2Capplication%2Fx-msexcel%2C%26quot%3B+%26amp%3B%0A++++++%26quot%3Bapplication%2Fx-compressed%2Capplication%2Fx-zip-compressed%2C%26quot%3B+%26amp%3B%0A++++++%26quot%3Bapplication%2Fvnd.ms-excel%2Capplication%2Fx-excel%2Capplication%2Fzip%26quot%3B%26gt%3B%0A%26lt%3B%2Fform%26gt%3B%0A%3C%2Fpre%3E%0A%0A%3Cp%3EHere%2C+I+am+using+a+%3Cabbr+title%3D%22User-Defined+Function%22%3EUDF%3C%2Fabbr%3E+called+%3Ccode%3EBuildSelfURL%28%29%3C%2Fcode%3E+which+will+write+a+correct+destination+for+my+form+with+appropriate+query+string+elements.+You+should+probably+replace+it+with+whatever+URL+will+handle+your+input+validation+and+processing+if+you+don%27t+have+this+sort+of+thing+built+yet.%3C%2Fp%3E%0A%0A%3Cp%3EThe+%3Ccode%3Eenctype%3D%26amp%3Bquot%3Bmultipart%2Fform-data%26amp%3Bquot%3B%3C%2Fcode%3E+in+the+form+is+%3Cstrong%3Eessential%3C%2Fstrong%3E.+Don%27t+ask+why+if+you+don%27t+want+me+to+explain+the+reason+to+you+in+mind+numbing+detail.+As+you+may+guess+the+%3Ccode%3Einput+type%3D%26amp%3Bquot%3Bfile%26amp%3Bquot%3B%3C%2Fcode%3E+is+what+really+telling+the+browser+to+help+your+user+to+select+a+file+from+his%2Fher+file+system%2C+and+to+send+this+file+to+the+server+when+he%2Fshe+submits+the+form.+The+%3Ccode%3Eaccept%3D%26amp%3Bquot%3B...%26amp%3Bquot%3B%3C%2Fcode%3E+bit+is+nice+because+it+can+help+some+of+your+potential+users+select+acceptable+files+to+begin+with.+This+is+not+reliable+because+it+is+not+widely+implemented%2C+and+secondly+because+you+can+%3Cstrong%3Enever+trust+clients%3C%2Fstrong%3E.+Client-side+error+checking+should+be+done+as+a+convenience+to+the+user+only%2C+never+as+a+safeguard+for+%3Cem%3Eanything%3C%2Fem%3E.%3C%2Fp%3E%0A%0A%3Cp%3ESo+how+do+we+determine+if+the+uploaded+file+is+malicious%3F++We+don%27t+believe+in+achieving+a+secure+com
puter+system%2C+short+of+unplugging+the+server+and+throwing+it+off+the+continental+shelf.+Since+that+won%27t+help+you+secure+your+%3Cem%3Efunctional%3C%2Fem%3E+file+upload+system+I+will+try+to+be+practical+and+help+you+reduce+the+risk+by+trying+to+determine+if+a+file+is+%3Cem%3Eunlikely%3C%2Fem%3E+to+be+malicious+and+we+let+it+in+if+it+doesn%27t+scare+us+too+badly.+Sound+good%3F++OK%2C+here+we+go.%3C%2Fp%3E%0A%0A%3Cpre%3E%0A%26lt%3B%21---%0A+Now+test+that+any+uploaded+files+are+of+an+acceptable+format+before+%0A+we+do+any+DB+work.+Presume+we+are+working+in+a+windows+environment.+%0A+Upload+destination+uses+%5C+notation+to+identify+a+directory.%0A+---%26gt%3B%0A%0A%26lt%3B%21---+uploaded+file+is+of+a+generic+business+document+format+---%26gt%3B%0A%26lt%3Bcfif+Len%28form.document%29%26gt%3B%0A++%26lt%3Bcfset+request.badext+%3D%26quot%3Bcfml%2Ccfm%2Casp%2Cshtml%2Cphp%2Ccgi%26quot%3B%26gt%3B%0A++%26lt%3Bcfset+request.accept+%3D%26quot%3Btext%2Fplain%2Capplication%2Fmsword%2C%26quot%3B+%26amp%3B%0A++++%26quot%3Bapplication%2Fpdf%2Capplication%2Frtf%2Capplication%2Fmspowerpoint%2C%26quot%3B+%26amp%3B%0A++++%26quot%3Bapplication%2Fx-visio%2Capplication%2Fexcel%2Capplication%2Fx-msexcel%2C%26quot%3B+%26amp%3B%0A++++%26quot%3Bapplication%2Fx-compressed%2Capplication%2Fx-zip-compressed%2C%26quot%3B+%26amp%3B%0A++++%26quot%3Bapplication%2Fvnd.ms-excel%2Capplication%2Fx-excel%2Capplication%2Fzip%26quot%3B%26gt%3B%0A++%26lt%3Bcffile+action%3D%26quot%3BUPLOAD%26quot%3B+filefield%3D%26quot%3Bform.document%26quot%3B+%0A++++destination%3D%26quot%3B%23request.uploadtemp%23%5C%26quot%3B+%0A++++nameconflict%3D%26quot%3BMAKEUNIQUE%26quot%3B%26gt%3B%0A++%26lt%3Bcfset+request.tmpfilename+%3D+CFFile.ServerFile%26gt%3B%0A++%26lt%3Bcfset+request.filetype+%3D+CFFile.ContentType+%26amp%3B+%26quot%3B%2F%26quot%3B+%26amp%3B+%0A++++CFFile.ContentSubType%26gt%3B%0A++%26lt%3Bcfif+ListFindNoCase%28request.accept%2C+request.filetype%29+AND+NOT+%0A++++ListFindNoCase%28request.badext%2C+CFFile.ClientFi
leExt%29%26gt%3B%0A++++%26lt%3Bcfset+request.clientfile+%3D+CFFile.ClientFile%26gt%3B%0A++%26lt%3Bcfelse%26gt%3B%0A++++%26lt%3Bcffile+action%3D%26quot%3BDELETE%26quot%3B+%0A++++++file%3D%26quot%3B%23request.uploadtemp%23%5C%23CFFile.ServerFile%23%26quot%3B%26gt%3B%0A++++%26lt%3Bcfset+request.errors.document+%3D+%26quot%3BField%3A+Document.+The+file+%26quot%3B+%26amp%3B%0A++++++%26quot%3Bformat+provided+%28%23CFFile.ContentType%23%2F%26quot%3B+%26amp%3B%0A++++++%26quot%3B%23CFFile.ContentSubType%23%29+is+not+allowed.%26quot%3B%26gt%3B%0A++%26lt%3B%2Fcfif%26gt%3B%0A%26lt%3B%2Fcfif%26gt%3B%0A%3C%2Fpre%3E%0A%0A%3Cp%3EHow+do+we+decide+what+file+extensions+are+bad%3F++Any+scripting+system+can+be+dangerous.++Depending+on+what+scripting+languages+your+server+offers+and+what+permissions+look+like+you+may+need+to+modify+the+list+of+bad+file+extensions.++You+should+also+probably+only+allow+those+document+MIME+types+that+you+need+to.++Any+MS+Office+format+could+be+potentially+dangerous+for+instance%2C+depending+on+what+DLLs+live+on+your+server+and+what+bugs+Microsoft+has+left+behind.%3C%2Fp%3E%0A%0A%3Cp%3EWhat+is+%3Ccode%3Erequest.uploadtemp%3C%2Fcode%3E+anyway%3F++This+is+a+temp+directory+%3Cem%3Eoutside%3C%2Fem%3E+of+the+web+root.+This+directory+must+be+outside+the+web+root+to+eliminate+a+race+condition+in+our+system.+That+means+that+we+do+not%2C+%3Cem%3Eeven+for+a+moment%3C%2Fem%3E%2C+allow+unacceptable+file+types+to+live+on+our+file+system+where+an+http+request+could+find+it.%3C%2Fp%3E%0A%0A%3Cp%3EWhy+do+we+%3Ccode%3EMAKEUNIQUE%3C%2Fcode%3E%3F++Because+we+don%27t+know+how+many+folks+are+uploading+files+at+any+given+time%2C+trying+to+get+through+our+defenses.+Best+to+not+let+them+clobber+each+other%27s+files.%3C%2Fp%3E%0A%0A%3Cp%3ENow+%3Ccode%3Erequest.tmpfilename%3C%2Fcode%3E+stores+the+filename+of+the+uploaded+file+as+it+was+stored+in+our+temp+directory.+This+will+be+different+from+the+file+name+that+the+client+used+for+the+file+if+there+was+a+conflict+with+another+file+in
+the+temp+directory.+I+prefer+to+preserve+the+user%27s+file+name%2C+so+we+stored+that+in+%3Ccode%3Erequest.clientfile%3C%2Fcode%3E+as+well.%3C%2Fp%3E%0A%0A%3Cp%3EAt+this+point+we+have+taken+the with response code(s) 1 414 responses
  GET /jeff/code/preload_n_rollover HTTP/1.1 with response code(s) 2 404 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/print.module?r1=1.16&hideattic=1&sortby=au&r2=1.6&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating05.gif?annotate=1.2&hideattic=0&sortby=fil&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/screenshot.png?rev=1.1&hideattic=1&sortby=author&sortdir=down&view=markup HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/Attic/evoltorg.psd?annotate=1.1&hideattic=0&sortby=log&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /jeff/code/imagemap_rollover/index.cfm HTTP/1.1 with response code(s) 1 404 responses
  GET /logout HTTP/1.1 with response code(s) 1 404 responses
  GET //StOne HTTP/1.1 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/Attic/green-cube.png?hideattic=0&only_with_tag=MAIN HTTP/1.1 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/print.module?r1=1.16&hideattic=1&sortby=au&r2=1.21&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/6alt_rating04.gif?rev=1.2&view=markup&hideattic=1&sortby=l&only_with_tag=MAIN HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/rss20.gif?hideattic=1&sortby=au&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/evoltorg.png?annotate=1.1&sortby=file HTTP/1.1 with response code(s) 1 200 responses
  GET /garrett/site/books/factual HTTP/1.1 with response code(s) 1 404 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/screenshot.png?view=auto&rev=1.3&sortby=fil&only_with_tag=weo_theme-4-5 HTTP/1.0 with response code(s) 1 200 responses
  GET /cgi-bin/viewcvs.cgi/weo_theme/.cvsignore?rev=1.2&view=auto&hideattic=0&sortby=dat&only_with_tag=HEAD HTTP/1.0 with response code(s) 1 200 responses

A total of 15 ROBOTS were logged 
      NG/2.0 1 time(s) 
      MSNBOT_Mobile MSMOBOT Mozilla/2.0 (compatible; MSIE 4.02; Windows CE; Default)/1.1 (+http://search.msn.com/msnbot.htm) 1 time(s) 
      MSRBOT (http://research.microsoft.com/research/sv/msrbot/ 3 time(s) 
      Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) 6 time(s) 
      QEAVis agent/Nutch-0.9 (http://nlp.uned.es/qeavis/) 1 time(s) 
      Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) 2 time(s) 
      Mozilla/5.0 (Yahoo-MMCrawler/4.0; mailto:vertical-crawl-support at yahoo-inc.com) 1 time(s) 
      Gigabot/3.0 (http://www.gigablast.com/spider.html) 1 time(s) 
      msnbot-media/1.1 (+http://search.msn.com/msnbot.htm) 1 time(s) 
      msnbot-media/1.0 (+http://search.msn.com/msnbot.htm) 3 time(s) 
      Speedy Spider (http://www.entireweb.com/about/search_tech/speedy_spider/) 1 time(s) 
      Grub/2.0 (Grub.org crawler; http://www.grub.org/; bot at grub.org) 1 time(s) 
      msnbot/1.1 (+http://search.msn.com/msnbot.htm) 19 time(s) 
      del.icio.us-thumbnails/1.0 Mozilla/5.0 (compatible; Konqueror/3.4; FreeBSD) KHTML/3.4.2 (like Gecko) 1 time(s) 
      Mozilla/5.0 (Twiceler-0.9 http://www.cuill.com/twiceler/robot.html) 5 time(s) 

 ---------------------- httpd End ------------------------- 


 --------------------- Kernel Begin ------------------------ 


1 Time(s): UDP: bad checksum. From 12.96.160.104:53 to 67.19.100.194:28534 ulen 188
1 Time(s): UDP: short packet: 12.96.160.115:53 124/108 to 67.19.100.194:34197
1 Time(s): UDP: short packet: 12.96.160.115:53 158/142 to 67.19.100.194:46315
1 Time(s): UDP: short packet: 12.96.160.115:53 185/169 to 67.19.100.194:48140
1 Time(s): UDP: short packet: 12.96.160.115:53 210/194 to 67.19.100.194:50087
1 Time(s): UDP: short packet: 12.96.160.115:53 212/196 to 67.19.100.194:64715
1 Time(s): UDP: short packet: 12.96.160.115:53 213/197 to 67.19.100.194:33037
1 Time(s): UDP: short packet: 12.96.160.115:53 213/197 to 67.19.100.194:33913
1 Time(s): UDP: short packet: 12.96.160.115:53 213/197 to 67.19.100.194:44755
1 Time(s): UDP: short packet: 12.96.160.115:53 245/229 to 67.19.100.194:50992
1 Time(s): UDP: short packet: 12.96.160.115:53 284/268 to 67.19.100.194:59094
1 Time(s): UDP: short packet: 12.96.160.115:53 287/271 to 67.19.100.194:53888
1 Time(s): UDP: short packet: 12.96.160.115:53 313/297 to 67.19.100.194:43563
1 Time(s): UDP: short packet: 12.96.160.115:53 313/297 to 67.19.100.194:48867
1 Time(s): UDP: short packet: 12.96.160.115:53 313/297 to 67.19.100.194:54461
1 Time(s): UDP: short packet: 12.96.160.115:53 315/299 to 67.19.100.194:52483
1 Time(s): UDP: short packet: 12.96.160.115:53 530/514 to 67.19.100.194:34014
1 Time(s): UDP: short packet: 12.96.160.115:53 530/514 to 67.19.100.194:39683
1 Time(s): UDP: short packet: 12.96.160.115:53 530/514 to 67.19.100.194:59520
1 Time(s): UDP: short packet: 12.96.160.115:53 530/514 to 67.19.100.194:60047
1 Time(s): device eth0 entered promiscuous mode
1 Time(s): device eth0 left promiscuous mode
3 Time(s): sending pkt_too_big (len[1500] pmtu[1496]) to self

 ---------------------- Kernel End ------------------------- 


 --------------------- Named Begin ------------------------ 


**Unmatched Entries**
   notify question section contains no SOA: 3 Time(s)

 ---------------------- Named End ------------------------- 


 --------------------- pam_unix Begin ------------------------ 

cron:
   Sessions Opened:
      dkaufman: 1440 Time(s)
      root: 462 Time(s)
      mailman: 292 Time(s)
      www-data: 144 Time(s)
      dmah: 2 Time(s)

su:
   Sessions Opened:
      (uid=0) -> nobody: 1 Time(s)


 ---------------------- pam_unix End ------------------------- 


 --------------------- sendmail Begin ------------------------ 


ERROR: Could not open /etc/mail/local-host-names

ERROR: Could not open /etc/mail/access


Message Size Distribution:
Range          # Msgs       KBytes
0 - 10k             0            0
10k - 20k           0            0
20k - 50k           0            0
50k - 100k          0            0
100k - 500k         0            0
500k - 1Mb          0            0
1Mb - 2Mb           0            0
2Mb - 5Mb           0            0
5Mb - 10Mb          0            0
10Mb+               0            0
----------------------------------
TOTAL               0            0

 ---------------------- sendmail End ------------------------- 


 --------------------- SSHD Begin ------------------------ 


Didn't receive an ident from these IPs:
   213.122.176.200: 5 Time(s)
   219.139.190.249: 4 Time(s)

Failed logins from these:
   admin/password from 219.139.190.249: 1 Time(s)
   admin/password from 83.12.8.166: 1 Time(s)
   cgi-bin/password from 206.221.191.81: 1 Time(s)
   fluffy/password from 83.12.8.166: 1 Time(s)
   ftp/password from 219.139.190.249: 4 Time(s)
   guest/password from 83.12.8.166: 1 Time(s)
   root/password from 206.221.191.81: 60 Time(s)
   root/password from 219.139.190.249: 4 Time(s)
   root/password from 83.12.8.166: 1 Time(s)
   sales/password from 219.139.190.249: 2 Time(s)
   test/password from 83.12.8.166: 1 Time(s)
   webmaster/password from 219.139.190.249: 4 Time(s)

Illegal users from these:
   admin/none from 219.139.190.249: 1 Time(s)
   admin/none from 83.12.8.166: 1 Time(s)
   admin/password from 219.139.190.249: 1 Time(s)
   admin/password from 83.12.8.166: 1 Time(s)
   cgi-bin/none from 206.221.191.81: 1 Time(s)
   cgi-bin/password from 206.221.191.81: 1 Time(s)
   fluffy/none from 83.12.8.166: 1 Time(s)
   fluffy/password from 83.12.8.166: 1 Time(s)
   guest/none from 83.12.8.166: 1 Time(s)
   guest/password from 83.12.8.166: 1 Time(s)
   sales/none from 219.139.190.249: 2 Time(s)
   sales/password from 219.139.190.249: 2 Time(s)
   test/none from 83.12.8.166: 1 Time(s)
   test/password from 83.12.8.166: 1 Time(s)
   webmaster/none from 219.139.190.249: 4 Time(s)
   webmaster/password from 219.139.190.249: 4 Time(s)

**Unmatched Entries**
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER

 ---------------------- SSHD End ------------------------- 


 --------------------- Syslogd Begin ------------------------ 


Syslogd started 1 Time(s)

 ---------------------- Syslogd End ------------------------- 



------------------ Disk Space --------------------

/dev/hda3              72G   26G   43G  38% /
/dev/hda1              92M  6.3M   81M   8% /boot


 ###################### LogWatch End ######################### 
