File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / thttpd / cgi-src / phf.c
Revision 1.1.1.1 (vendor branch)
Tue Feb 21 17:21:13 2012 UTC (13 years, 1 month ago) by misho
Branches: thttpd, MAIN
CVS tags: v2_25b, HEAD
thttpd

    1: /* phf - cracker trap
    2: **
    3: ** Old distributions of the NCSA and Apache web servers included a
    4: ** version of the phf program that had a bug.  The program could
    5: ** easily be made to run arbitrary shell commands.  There is no real
    6: ** legitimate use for phf, so any attempts to run it must be considered
    7: ** to be attacks.  Accordingly, this version of phf logs the attack
    8: ** and then returns a page indicating that phf doesn't exist.
    9: **
   10: **
   11: ** Copyright © 1996 by Jef Poskanzer <jef@mail.acme.com>.
   12: ** All rights reserved.
   13: **
   14: ** Redistribution and use in source and binary forms, with or without
   15: ** modification, are permitted provided that the following conditions
   16: ** are met:
   17: ** 1. Redistributions of source code must retain the above copyright
   18: **    notice, this list of conditions and the following disclaimer.
   19: ** 2. Redistributions in binary form must reproduce the above copyright
   20: **    notice, this list of conditions and the following disclaimer in the
   21: **    documentation and/or other materials provided with the distribution.
   22: **
   23: ** THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
   24: ** ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   25: ** IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   26: ** ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   27: ** FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   28: ** DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   29: ** OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   30: ** HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   31: ** LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   32: ** OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   33: ** SUCH DAMAGE.
   34: */
   35: 
   36: #include <stdio.h>
   37: #include <stdlib.h>
   38: #include <string.h>
   39: #include <syslog.h>
   40: 
   41: #include "config.h"
   42: 
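static char* argv0;

/* Entry point for the phf trap CGI.
**
** Opens syslog under the program's base name, records the probe at
** LOG_CRIT together with the client address taken from the REMOTE_ADDR
** environment variable, then writes a CGI response carrying a 404 page
** to stdout and exits with status 0.  Nothing from the request other
** than REMOTE_ADDR is read or logged.
*/
int
main( int argc, char* argv[] )
    {
    char* cp;
    const char* remote_addr;

    /* argv[0] can be null when the program is exec'd with an empty
    ** argument vector; fall back to a fixed tag rather than handing a
    ** null pointer to strrchr().
    */
    argv0 = ( argc > 0 && argv[0] != (char*) 0 ) ? argv[0] : "phf";

    /* Use only the last path component as the syslog ident. */
    cp = strrchr( argv0, '/' );
    if ( cp != (char*) 0 )
        ++cp;
    else
        cp = argv0;
    openlog( cp, LOG_NDELAY|LOG_PID, LOG_FACILITY );

    /* REMOTE_ADDR is absent when this runs outside a CGI environment.
    ** Passing a null pointer for %s is undefined behavior, and a crash
    ** at this point would lose the very log entry the trap exists for.
    */
    remote_addr = getenv( "REMOTE_ADDR" );
    if ( remote_addr == (char*) 0 )
        remote_addr = "(unknown)";
    syslog( LOG_CRIT, "phf CGI probe from %s", remote_addr );

    /* The CGI Status header is "code reason-phrase"; the previous value
    ** "404/html" only worked with servers that stop parsing after the
    ** number.
    */
    (void) printf( "\
Content-type: text/html\n\
Status: 404 Not Found\n\
\n\
<HTML><HEAD><TITLE>404 Not Found</TITLE></HEAD>\n\
<BODY><H2>404 Not Found</H2>\n\
The requested object does not exist on this server.\n\
The link you followed is either outdated, inaccurate,\n\
or the server has been instructed not to let you have it.\n\
</BODY></HTML>\n" );
    exit( 0 );
    }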
