mod_frontpage vulnerability?
Justin Hopper
jhopper at bsdhosting.net
Sat Jan 3 22:31:15 PST 2004
On Sat, 2004-01-03 at 20:57, Peter Brezny wrote:
> Greetings,
>
> I wanted to know if any of you have experienced recent problems running
> mod_frontpage.
Are you sure the problems were with mod_frontpage or with the Server
Extensions? I haven't seen many problems with mod_frontpage, but the
Server Extensions often have problems (and they're not Open Source, so
they are difficult to work with).
> Last week, one of the systems I am running mod_front page on stopped
> allowing front page logins.
>
> I wasn't able to pinpoint the problem, however, re-installing mod_frontpage
> fixed the problem.
You reinstalled the mod_frontpage Apache module, or the FrontPage Server
Extensions for the vhost?
> I'm running a fairly current build:
> 4.8-RELEASE-p14 #9: Wed Dec 31 17:15:23 EST 2003
> Apache/1.3.28 (Unix) mod_perl/1.27 FrontPage/5.0.2.2623 PHP/4.3.4RC1
> mod_ssl/
> 2.8.15 OpenSSL/0.9.7a
>
> I get a lot of error messages in the primary httpd_error.log:
> [2004-01-03 23:24:46]: uid: (nobody/nobody) gid: (nobody/nobody) cmd:
> /_vti_bin/fpcount.exe
The above entries are standard notices that mod_frontpage will put in
the log files. Check the other Apache log files for errors concerning
why logins are not being accepted.
> If anyone's got some insight on what may be going on, or tips for further
> securing mod_front page, I'd be grateful.
>
> TIA
>
> pb
>
>
> Peter Brezny
> purplecat.net
>
>
>
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe at freebsd.org"
--
Justin Hopper <jhopper at bsdhosting.net>
UNIX Systems Engineer
BSDHosting.net
Hosting Division of Digital Oasys Inc.
http://www.bsdhosting.net
More information about the freebsd-isp
mailing list