20CN网络安全小组论坛 - 黑客进阶 - 问:Apache的Status漏洞?

论坛: 黑客进阶标题: 问:Apache的Status漏洞?

作者: bridex [bridex]

论坛用户

Server Version: Apache/1.3.29 (Unix) PHP/4.3.3
Server Built: Nov 3 2003 09:56:40

--------------------------------------------------------------------------------
Current Time: Monday, 29-Dec-2003 02:47:16 EST
Restart Time: Monday, 29-Dec-2003 02:00:56 EST
Parent Server Generation: 697
Server uptime: 46 minutes 20 seconds
Total accesses: 2253 - Total Traffic: 61.7 MB
CPU Usage: u1.85938 s3.71875 cu17.6953 cs3.48438 - .963% CPU load
.81 requests/sec - 22.7 kB/second - 28.1 kB/request
8 requests currently being processed, 242 idle servers

然后是一大群IP列表.
...
...
...
Srv Child Server number - generation
PID OS process ID
Acc Number of accesses this connection / this child / this slot
M Mode of operation
CPU CPU usage, number of seconds
SS Seconds since beginning of most recent request
Req Milliseconds required to process most recent request
Conn Kilobytes transferred this connection
Child Megabytes transferred this child
Slot Total megabytes transferred this slot

很严重啊.!

如何利用和防护这类漏洞?

地主发表时间: 03-12-29 16:13

回复: NetDemon [netdemon]

ADMIN

httpd.conf

注释掉 LoadModule status_module libexec/apache/mod_status.so

或者下面的

#<Location /server-status>
# SetHandler server-status
# Order deny,allow
# Deny from all
# Allow from .your-domain.com
#</Location>

其实你配置好了只有你自己才可以看到，别人不可以的

B1层发表时间: 03-12-29 17:19

回复: bridex [bridex]

论坛用户

谢ND了.

B2层发表时间: 03-12-29 19:58

论坛: 黑客进阶