Skip to main content.
home | support | download

Back to List Archive

Re: Swish-e CGI script security?

From: Bill Moseley <moseley(at)not-real.hank.org>
Date: Thu May 18 2006 - 13:30:53 GMT
On Thu, May 18, 2006 at 01:43:35AM -0700, David Brooks wrote:
> A few days ago I nearly had a heart attack when I saw what looked like a 
> script kiddie running arbitrary code in my apache error log.

Which cgi script are you using?  Which OS?

Post the logs.

Were they actually running code or just entering strings into the
search box?  Anyone that runs a web server sees hack attempts often in
the logs.  There's a difference between seeing the attempts and the
attack actually working.  From your description, I suspect you are
just seeing the logs.


> I know nothing about Perl, but I know a lot about PHP so I'd feel a lot 
> more comfortable running something PHP based.

Obviously, the language has nothing to do with if it's secure or not.
It's how it's written.

-- 
Bill Moseley
moseley@hank.org

Unsubscribe from or help with the swish-e list: 
   http://swish-e.org/Discussion/

Help with Swish-e:
   http://swish-e.org/current/docs
   swish-e@sunsite.berkeley.edu
Received on Thu May 18 06:30:59 2006