Fri, 16 Jan 2004 10:41:24 -0500
|
On Fri, 16 Jan 2004 08:32:29 EST, Paul Karagianis <[log in to unmask]> said:
> I was scratching my head wondering what this "running an exe" meant. It
> sounds like the complainer thinks wa.exe is running on the clients machine,
> not the server. I mean, isn't the WWW server procedure, Apache or whatever,
> itself an exe?
It means some user with more paranoia than clue saw that the four letters '.',
'e', 'x', 'e' showed up in a URL in that order, adjacent to each other, and
promptly had a cow. The security industry calls this an IWF or BWF incident
(idiot/bozo with firewall), and rank it right up there with complaints like
'ns1.your.site is portscanning me from port 53' or 'ntp-1.your.site is
portscanning me from port 123'.
To fix this you have two main choices:
1) Find a baseball bat and do the emotionally satisfying thing. :)
2) Do this:
a) cd ~apache/cgi-bin (or wherever you keep it)
b) mv wa.exe wa.cgi
c) ln -s wa.cgi wa.exe (for those who have .exe addresses bookmarked)
d) in ~listserv/go.user, find the line:
WWW_ARCHIVE_CGI="/cgi-bin/wa.exe"
and change the .exe to .cgi.
Works fine - in fact, it's been called wa.cgi for *ages* at my site.
|
|
|