/* phf - cracker trap
**
** Old distributions of the NCSA and Apache web servers included a
** version of the phf program that had a bug.  The program could
** easily be made to run arbitrary shell commands.  There is no real
** legitimate use for phf, so any attempts to run it must be considered
** to be attacks.  Accordingly, this version of phf logs the attack
** and then returns a page indicating that phf doesn't exist.
**
**
** Copyright © 1996 by Jef Poskanzer <jef@acme.com>.
** All rights reserved.
**
** Redistribution and use in source and binary forms, with or without
** modification, are permitted provided that the following conditions
** are met:
** 1. Redistributions of source code must retain the above copyright
**    notice, this list of conditions and the following disclaimer.
** 2. Redistributions in binary form must reproduce the above copyright
**    notice, this list of conditions and the following disclaimer in the
**    documentation and/or other materials provided with the distribution.
**
** THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
** ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
** FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
** DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
** OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
** HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
** LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
** OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
** SUCH DAMAGE.
*/
|
#include <stdio.h> |
#include <stdlib.h> |
#include <string.h> |
#include <syslog.h> |
|
#include "config.h" |
|
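/* Program name as invoked; assigned once at the top of main(). */
static char* argv0;

/*
** Entry point of the phf trap CGI.
**
** Records the request in syslog at LOG_CRIT, tagged with the client address
** read from the REMOTE_ADDR environment variable, then writes a CGI response
** with a 404 status and a generic "not found" page to stdout.  Always exits
** with status 0.
**
** NOTE(review): only the client address is logged; nothing else about the
** request (for example the query string) is recorded by this program, so the
** web server's own access log is the place to look for request details.
*/
int
main( int argc, char* argv[] )
{
    const char* ident;
    const char* remote_addr;
    char* cp;

    /* A program can be exec'd with an empty argument vector, and calling
    ** strrchr() on a null pointer is undefined, so fall back to a fixed name.
    */
    if ( argc > 0 && argv[0] != (char*) 0 )
        argv0 = argv[0];
    else
        argv0 = "phf";

    /* Use the basename of the program as the syslog identity. */
    cp = strrchr( argv0, '/' );
    ident = ( cp != (char*) 0 ) ? cp + 1 : argv0;
    openlog( ident, LOG_NDELAY|LOG_PID, LOG_FACILITY );

    /* getenv() returns a null pointer when the variable is unset (e.g. the
    ** program is run outside a CGI environment); passing that to %s is
    ** undefined behaviour.  The value is always passed as an argument and
    ** never used as the format string.
    */
    remote_addr = getenv( "REMOTE_ADDR" );
    if ( remote_addr == (char*) 0 )
        remote_addr = "(unknown)";
    syslog( LOG_CRIT, "phf CGI probe from %s", remote_addr );

    /* The CGI Status header carries a status code followed by a reason
    ** phrase; the previous value "404/html" was not in that form.
    */
    (void) fputs(
        "Content-type: text/html\n"
        "Status: 404 Not Found\n"
        "\n"
        "<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>\n"
        "<BODY><H2>404 Not Found</H2>\n"
        "The requested object does not exist on this server.\n"
        "The link you followed is either outdated, inaccurate,\n"
        "or the server has been instructed not to let you have it.\n"
        "</BODY></HTML>\n",
        stdout );

    /* exit() flushes stdout before the process terminates. */
    exit( 0 );
}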