LinuxQuestions.org

nginx 'autoindex' module bug: patch committed

Posted 02-07-2010 at 05:17 PM by Web31337 (In The Middle Of Nowhere [edK's blog])
Tags bug, nginx, patch

Two or three days ago I was cleaning up my webserver hosts, and adding some stuff.
Occasionally, I've created a file with name containing '?' (question sign) in it. This directory had autoindex enabled, served by nginx.
I've tried to view the directory listing in my browser (just to see how it is shown) and found a bug: autoindex module wasn't URL-encoding the question sign. So it resulted in request to /somedir/filename instead of /somedir/filename%3f as it should have been.
...
Member
Posted in opensource
Views 1930 Comments 0 Web31337 is offline
Rating: 2 votes, 5.00 average.

Logwatch, webserver logs, PHP malarky

Posted 10-03-2009 at 04:52 AM by unSpawn
Updated 04-01-2012 at 04:18 PM by unSpawn (//Enhanced logwatch/scripts/services/http diff, added Snort ET SID 2010920 rule and fail2ban regex example, fixed commas (thanks leslie_jones).)
Tags logwatch, patch, php

As I'm seeing more questions about (badly coded) web applications spawning rogue processes I wonder why people don't read their logs. Attacks require reconnaissance so keeping an eye on anything that looks like a prelude enables you to take measures. And please spend time updating when updates are released, installing apps properly (like not leaving the installation files around when docs remind you not to), hardening (any IDS, mod_security, Gotroot rulesets, mod_evasive or equivalent, PHPIDS, Suhosin,...
Moderator
Posted in Uncategorized
Views 3552 Comments 0 unSpawn is offline

  



All times are GMT -5. The time now is 05:12 PM.
