CGI guestbook.cgi - Internet Security Systems

CGI guestbook.cgi

advICE: Intrusions: 2002514

Summary

Suspicious URL.

An attempt to execute guestbook, which is a program with known vulnerabilities.

Details

The intruder is scanning the web server on the system looking for potential vulnerabilities in the "dynamic content generation" portion of the web server. This feature of the web server runs a separate program to create web pages when users access the site.

There are hundreds of such programs that have security bugs in them. In this instance, a hacker is browsing the web server looking for one of these programs. Most of the hacking you read about in the news is due to hackers exploiting these programs and "defacing" the web site.

More information can be found under cgi-bin exploits.

Defense

If this script is visible to the outside world, you should remove it from the directory.

Remove all dynamic content that isn't absolutely necessary to run the web site. Double-check the scripts that you do use in order to verify that they won't permit a security breach.

More information

CERT: VB-97.02.sol_guestbook

BugtraqID: 776 - Guestbook CGI Remote Command Execution Vulnerability

CVE-1999-0237 - Remote execution of arbitrary commands through Guestbook CGI program.

Parametric information

URL: The suspicious URL.
accessed: Indicates whether the URL was successfully accessed.
code: The HTTP return code.
arg: The argument to the GET command (if any).
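
The same four fields can be recovered from a web server access log when reviewing this alert. The sketch below is an added example, not ISS code: it scans Common Log Format lines for requests that name the guestbook script and reports URL, accessed, code and arg for each. The function name, the extra script-name variants, the reading of "accessed" as a 2xx status, and the sample log lines are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: \S+)?" (?P<code>\d{3}) \S+'
)

# guestbook.cgi is the name on the page; the other two are assumed variants.
SUSPECT = {"guestbook.cgi", "guestbook.pl", "guestbook"}

# Constructed sample lines (documentation address ranges, invented requests).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326',
    '198.51.100.7 - - [10/Oct/2000:13:56:01 -0700] "GET /cgi-bin/guestbook.cgi HTTP/1.0" 404 209',
    '198.51.100.7 - - [10/Oct/2000:13:56:02 -0700] "GET /cgi-bin/GuestBook%2Ecgi?page=1 HTTP/1.0" 200 1543',
]

def find_probes(lines):
    """Return one dict per request whose path names a suspect script."""
    events = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        parts = urlsplit(m["target"])
        # Decode %xx and lowercase so encoded or mixed-case names still match;
        # check every segment so trailing PATH_INFO does not hide the script.
        segments = unquote(parts.path).lower().split("/")
        if not any(seg in SUSPECT for seg in segments):
            continue
        code = int(m["code"])
        events.append({
            "source": m["host"],
            "URL": parts.path,               # as requested, undecoded
            "accessed": 200 <= code < 300,   # assumption: 2xx means served
            "code": code,
            "arg": parts.query or None,
        })
    return events

if __name__ == "__main__":
    for event in find_probes(SAMPLE_LOG):
        print(event)
```

A hit with accessed set to true means the script is reachable from outside and the Defense steps above apply; a 404 hit is a probe against a script that is not installed.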

 
Version appeared:  
