Hello!
I'd like to bring this up once again. Time being I think it's not that someone tries to hack my site, because there are too many of those errors.
Following the script I found that the error appears only when neither request_method POST nor GET are being used. All LINKS html-forms use either one of them.
As I can see it's only jump.cgi that produces this error (allthough my LINKS seems to work fine, it's not that I receive an error when I click on any of my links), and jump.cgi is - I think - the only script that is being called via a html-link.
So I wonder: what request method is being used when one calls a script via a direct link?
Denis
PS: for anyone who's interested, I don't know if soemone else did this "mod" before, but with the following you can have sent occuring errors to the admin-email:
in db_utils.pl find:
sub cgierr Something like 26 lines below, between the
print "please inform the webmaster about this error"; and
exit -1; place this:
In Reply To:
## --------------------------------------------------------
## Sends an email to the admin, letting him know about the error
## Check to make sure that there is an admin email address defined.
$db_admin_email or &cgierr("Admin Email Address Not Defined in config file!");
my $to = $db_admin_email;
my $from = "you\@yourdomain.com\n"; ## put your own email here
my $subject = "LINKS Errormessage\n";
my $msg = "LINKS: the following error occured\n";
$msg .= "\n\nCGI ERROR\n==========================================\n";
$_[0] and $msg .= "Error Message : $_[0]\n";
$0 and $msg .= "Script Location : $0\n";
$] and $msg .= "Perl Version : $]\n";
$msg .= "\nForm Variables\n-------------------------------------------\n";
foreach $key (sort keys %in) {
my $space = " " x (20 - length($key));
$msg .= "$key$space: $in{$key}\n";
}
$msg .= "\nEnvironment Variables\n-------------------------------------------\n";
foreach $env (sort keys %ENV) {
my $space = " " x (20 - length($env));
$msg .= "$env$space: $ENV{$env}\n";
}
$msg .= "\n\n$ENV{'FROM'}";
## Then mail it away!
require "$db_lib_path/Mailer.pm"; ## make sure Mailer.pm is in your admin path...
my $mailer = new Mailer ( { smtp => $db_smtp_server,
sendmail => $db_mail_path,
from => $from,
subject => $subject,
to => $to,
msg => $msg,
log => $db_mailer_log
} ) or return;
$mailer->send or return;
## End Mod
## --------------------------------------------------------
After having made this changes you get interesting mails like this one (which tells me there's this bloody error...):
In Reply To:
Links: the following error occured
CGI ERROR
==========================================
Error Message : You cannot run this Script from Telnet/Shell!
Script Location : /homepage/15/d298827/htdocs/XYZ/cgi-bin/jump.cgi
Perl Version : 5.00502
Form Variables
-------------------------------------------
Environment Variables
-------------------------------------------
CONTENT_LENGTH : 0
DBENTRY : /homepage/15/d298827/htdocs:d0000#CPU 6 #NPROC 12 #MEM 10240 #LANG 0 #CGI 6175 #TAID 7844266 #WERB 0
DOCUMENT_ROOT : /homepage/15/d298827/htdocs
GATEWAY_INTERFACE : CGI/1.1
HTTP_ACCEPT : */*
HTTP_CACHE_CONTROL : no-cache, max-stale=0
HTTP_HOST : www.XYZ.de
HTTP_USER_AGENT : Mozilla/4.05 [en] (Win95; I)
PATH : /bin:/usr/bin
PATH_INFO : /XYZ/cgi-bin/jump.cgi
PATH_TRANSLATED : /homepage/15/d298827/htdocs/XYZ/cgi-bin/jump.cgi
QUERY_STRING : ID=745
REDIRECT_QUERY_STRING: ID=745
REDIRECT_SCRIPT_URI : http://www.XYZ.de/XYZ/cgi-bin/jump.cgi
REDIRECT_SCRIPT_URL : /XYZ/cgi-bin/jump.cgi
REDIRECT_STATUS : 200
REDIRECT_URL : /XYZ/cgi-bin/jump.cgi
REMOTE_ADDR : 145.253.20.130
REMOTE_PORT : 25298
REQUEST_METHOD : HEAD
REQUEST_URI : /XYZ/cgi-bin/jump.cgi?ID=745
SCRIPT_FILENAME : /homepage/15/d298827/htdocs/XYZ/cgi-bin/jump.cgi
SCRIPT_NAME : /XYZ/cgi-bin/jump.cgi
SCRIPT_URI : http://www.XYZ.de/XYZ/cgi-bin/jump.cgi
SCRIPT_URL : /XYZ/cgi-bin/jump.cgi
SERVER_ADDR : XYZ
SERVER_ADMIN : XYZ
SERVER_NAME : XYZ
SERVER_PORT : 80
SERVER_PROTOCOL : HTTP/1.0
SERVER_SIGNATURE :
SERVER_SOFTWARE : Apache/1.3.14 (Unix)