
Re: [cobalt-security] Apache/mod_ssl Worm (cross-post)



INRE: On Monday 16 September 2002 07:51 am, Glen Scott wrote:

For those with RAQ4 systems, simply comment out the following lines and the 
script will still work (you just won't get the whois information):

> ## my $command = 'whois ' . $name . '@whois.abuse.net';
>
> # lookup abuse email address using abuse.net
> ## my $output = `$command`;
>
> # grab email address
> ## if ( $output =~ m/([a-zA-Z0-9_-]+@\S+)/ ) {
> ##     $abuse_email = $1;
> ## }

For those with "other" systems, e.g. SUSE, RedHat, Caldera, the whois command 
works better written thus (at least for me):

my $command = 'whois -h whois.abuse.net ' . $name;


So far I am showing about 120 + scans per machine that I have up, but no 
"breaches" yet.... (fingers crossed)....

-- 
Larry Smith
SysAd ECSIS.NET
sysad@xxxxxxxxx
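
An added example, not part of the original post or of the script it quotes: the same abuse.net lookup in the `whois -h` form, run without a shell and returning nothing when `whois` is unavailable (the RAQ4 case). The function names and the sample reply are assumptions for illustration, as is treating `$name` as untrusted input taken from log data.

```perl
#!/usr/bin/perl
# Added example; parse_abuse_email and abuse_lookup are hypothetical names.
use strict;
use warnings;

# Pull the first e-mail address out of whois output, using the same
# pattern as the quoted script.
sub parse_abuse_email {
    my ($output) = @_;
    return $output =~ m/([a-zA-Z0-9_-]+@\S+)/ ? $1 : undef;
}

# Look up the abuse contact for $name. Returns undef when $name is not a
# plain host name or IP address, when whois cannot be run, or when the
# reply contains no address.
sub abuse_lookup {
    my ($name) = @_;
    # Assumption: $name may come from untrusted log data, so accept only
    # host-name characters and refuse anything starting with '-' or '.'.
    return undef
        unless defined $name
        && $name =~ /\A[A-Za-z0-9][A-Za-z0-9.-]{0,252}\z/;

    no warnings 'exec';    # a missing whois binary is an expected case
    # List-form pipe open: the arguments go straight to exec(), so no
    # shell ever parses $name (unlike `$command` in backticks).
    my $pid = open(my $fh, '-|', 'whois', '-h', 'whois.abuse.net', $name);
    return undef unless $pid;

    local $/;              # slurp the whole reply
    my $output = <$fh>;
    close $fh;
    return parse_abuse_email(defined $output ? $output : '');
}

# Constructed sample reply; real whois.abuse.net output may differ.
my $sample = "[whois.abuse.net]\nabuse\@example.net (for example.net)\n";
print "parsed from sample: ", parse_abuse_email($sample), "\n";

# Pass a host name on the command line to run a live lookup.
if (@ARGV) {
    my $email = abuse_lookup($ARGV[0]);
    print defined $email ? "$email\n" : "no abuse address found\n";
}
```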