Gossamer Forum

Can I prevent trying one to run LINKS via Telnet?

Hello World!

Since I'm mailing myself the errors coming up, I receive messages like:

CGI ERROR
==========================================
Error Message : You cannot run this script from telnet/shell.
(bla bla)
Actually I know my provider doesn't allow telnet, so I have not been the one who tried... :)

The remote address is pointing to 195.239.202.67, which is "ts2-a67.Irkutsk.dial.sovam.com".

Can I do something else but pray to stop people from hacking my webspace? :)

Thanks for hints,
Denis


Re: Can I prevent trying one to run LINKS via Telnet?
Sorry I don't understand. Please clarify.

Installs:http://wiredon.net/gt
FAQ:http://www.perlmad.com

Re: Can I prevent trying one to run LINKS via Telnet?
Hi there!

Well, I modified db_utils.pl a little, so that whenever a "sub cgierr" error occurs the error message is mailed to me.

Usually I don't get too many mails, but in the past few days there have been a lot of "You cannot run this script from telnet/shell" errors.
The $ENV{REMOTE_ADDR} locates to IP 195.239.202.67, which belongs to "ts2-a67.Irkutsk.dial.sovam.com" - so I wonder what the heck a guy from Irkutsk (which should be somewhere in Siberia, if I'm not mistaken) could be trying to do with the scripts of a German biker directory resulting in that error message :)

Cheers,
Denis

Re: Can I prevent trying one to run LINKS via Telnet?
Hmmm at the top of the script he is trying to execute put:
Code:
    if (($ENV{REMOTE_HOST} eq "ts2-a67.Irkutsk.dial.sovam.com") or ($ENV{REMOTE_ADDR} eq "195.239.202.67")) {
        &cgierr("You do NOT have permission to execute this script!");
    }

I'm not sure how he can be executing it anyway.

Installs:http://wiredon.net/gt
FAQ:http://www.perlmad.com

Re: Can I prevent trying one to run LINKS via Telnet?
Thanks Paul. Unfortunately the remote addresses change from error message to error message, so probably I'd have to make a bigger list of forbidden IPs anyway....

But since I'm not allowed to use telnet myself I hope no one else will be able to. Thinking about the situation... there should be no way to hack a closed telnet, shouldn't there? Hope so...

Thanks anyway,
Denis

Re: Can I prevent trying one to run LINKS via Telnet?
No, as far as I know he shouldn't be able to run any script on your server from telnet so I don't know how he's doing it.

Yeah I know the IP will change (unless it is static) but the remote host is likely to be the same. You could increase the chances of blocking him by using:


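Code:
    # Dots are escaped and the patterns anchored: an unescaped "." matches any
    # character, so the original patterns also matched unrelated hosts and IPs.
    if (($ENV{REMOTE_HOST} =~ /\.sovam\.com$/i) or ($ENV{REMOTE_ADDR} =~ /^195\.239\.202\.\d+$/)) {
        &cgierr("You do NOT have permission to execute this script!");
    }
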
Installs:http://wiredon.net/gt
FAQ:http://www.perlmad.com

Re: Can I prevent trying one to run LINKS via Telnet?
Will try that out, thx Paul!

Re: Can I prevent trying one to run LINKS via Telnet?
Paul (or someone),

do you know by chance what HTTP_REQUEST: HEAD stands for?
I found that above error only occurs when neither method POST nor GET has been used. Somehow I feel I'm not being hacked, but there's an error within the Scripts maybe...

Any ideas?

Thanks,
Denis

Re: Can I prevent trying one to run LINKS via Telnet?
Hello!

I'd like to bring this up once again. For the time being I think it's not that someone tries to hack my site, because there are too many of those errors.

Following the script I found that the error appears only when neither request_method POST nor GET is being used. All LINKS html-forms use either one of them.
As I can see it's only jump.cgi that produces this error (although my LINKS seems to work fine, it's not that I receive an error when I click on any of my links), and jump.cgi is - I think - the only script that is being called via an html-link.
So I wonder: what request method is being used when one calls a script via a direct link?

Denis

PS: for anyone who's interested, I don't know if someone else did this "mod" before, but with the following you can have occurring errors sent to the admin email:

in db_utils.pl find:
sub cgierr

Something like 26 lines below, between the
print "please inform the webmaster about this error";
and
exit -1;

place this:

## --------------------------------------------------------
## Sends an email to the admin, letting him know about the error

## Only mail if an admin email address is defined. Do not call &cgierr
## here: this code runs inside cgierr, so that would recurse forever.
if ($db_admin_email) {
    my $to = $db_admin_email;
    my $from = "you\@yourdomain.com\n"; ## put your own email here
    my $subject = "LINKS Errormessage\n";
    my $msg = "LINKS: the following error occured\n";

    $msg .= "\n\nCGI ERROR\n==========================================\n";
    $_[0] and $msg .= "Error Message : $_[0]\n";
    $0 and $msg .= "Script Location : $0\n";
    $] and $msg .= "Perl Version : $]\n";

    $msg .= "\nForm Variables\n-------------------------------------------\n";
    foreach my $key (sort keys %in) {
        my $space = " " x (20 - length($key));
        $msg .= "$key$space: $in{$key}\n";
    }
    $msg .= "\nEnvironment Variables\n-------------------------------------------\n";
    foreach my $env (sort keys %ENV) {
        my $space = " " x (20 - length($env));
        $msg .= "$env$space: $ENV{$env}\n";
    }

    $msg .= "\n\n$ENV{'FROM'}";

    ## Then mail it away! A failed send must not "return" out of cgierr,
    ## because that would skip the exit -1 below.
    require "$db_lib_path/Mailer.pm"; ## make sure Mailer.pm is in your admin path...
    my $mailer = new Mailer ( { smtp => $db_smtp_server,
                                sendmail => $db_mail_path,
                                from => $from,
                                subject => $subject,
                                to => $to,
                                msg => $msg,
                                log => $db_mailer_log
                              } );
    $mailer and $mailer->send;
}

## End Mod
## --------------------------------------------------------

After having made these changes you get interesting mails like this one (which tells me there's this bloody error...):

Links: the following error occured


CGI ERROR
==========================================
Error Message : You cannot run this Script from Telnet/Shell!

Script Location : /homepage/15/d298827/htdocs/XYZ/cgi-bin/jump.cgi
Perl Version : 5.00502

Form Variables
-------------------------------------------

Environment Variables
-------------------------------------------
CONTENT_LENGTH : 0
DBENTRY : /homepage/15/d298827/htdocs:d0000#CPU 6 #NPROC 12 #MEM 10240 #LANG 0 #CGI 6175 #TAID 7844266 #WERB 0
DOCUMENT_ROOT : /homepage/15/d298827/htdocs
GATEWAY_INTERFACE : CGI/1.1
HTTP_ACCEPT : */*
HTTP_CACHE_CONTROL : no-cache, max-stale=0
HTTP_HOST : www.XYZ.de
HTTP_USER_AGENT : Mozilla/4.05 [en] (Win95; I)
PATH : /bin:/usr/bin
PATH_INFO : /XYZ/cgi-bin/jump.cgi
PATH_TRANSLATED : /homepage/15/d298827/htdocs/XYZ/cgi-bin/jump.cgi
QUERY_STRING : ID=745
REDIRECT_QUERY_STRING: ID=745
REDIRECT_SCRIPT_URI : http://www.XYZ.de/XYZ/cgi-bin/jump.cgi
REDIRECT_SCRIPT_URL : /XYZ/cgi-bin/jump.cgi
REDIRECT_STATUS : 200
REDIRECT_URL : /XYZ/cgi-bin/jump.cgi
REMOTE_ADDR : 145.253.20.130
REMOTE_PORT : 25298
REQUEST_METHOD : HEAD
REQUEST_URI : /XYZ/cgi-bin/jump.cgi?ID=745
SCRIPT_FILENAME : /homepage/15/d298827/htdocs/XYZ/cgi-bin/jump.cgi
SCRIPT_NAME : /XYZ/cgi-bin/jump.cgi
SCRIPT_URI : http://www.XYZ.de/XYZ/cgi-bin/jump.cgi
SCRIPT_URL : /XYZ/cgi-bin/jump.cgi
SERVER_ADDR : XYZ
SERVER_ADMIN : XYZ
SERVER_NAME : XYZ
SERVER_PORT : 80
SERVER_PROTOCOL : HTTP/1.0
SERVER_SIGNATURE :
SERVER_SOFTWARE : Apache/1.3.14 (Unix)
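
Added example, not part of the thread and not Links 2.0 code: the mailed report above shows REQUEST_METHOD HEAD with QUERY_STRING ID=745. HEAD is the standard HTTP method that asks for the headers a GET would return, without the body, so this sketch keeps it apart from a real shell invocation and from unsupported methods. The helper names classify_request and parse_pairs are hypothetical.

```perl
use strict;
use warnings;

# Hypothetical helper, not Links 2.0's own form parser: decide how to read
# input for a request, keeping apart three cases that one error message merged.
sub classify_request {
    my ($env) = @_;
    my $method = $env->{REQUEST_METHOD};

    # No web server environment at all: really started from a shell.
    return { source => 'shell' }
        unless defined $method && defined $env->{GATEWAY_INTERFACE};

    # HEAD is GET without a response body; its parameters are in QUERY_STRING.
    if ($method eq 'GET' || $method eq 'HEAD') {
        return { source => 'query', send_body => ($method eq 'GET' ? 1 : 0),
                 params => parse_pairs($env->{QUERY_STRING}) };
    }
    if ($method eq 'POST') {
        return { source => 'stdin', send_body => 1,
                 length => ($env->{CONTENT_LENGTH} || 0) };
    }
    # Anything else is a web request the script does not support.
    return { source => 'reject', status => '405 Method Not Allowed',
             allow => 'GET, HEAD, POST' };
}

# Split "a=1&b=2" into a hash, decoding + and %XX escapes.
sub parse_pairs {
    my ($qs) = @_;
    my %p;
    foreach my $pair (split /[&;]/, defined $qs ? $qs : '') {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        $v = '' unless defined $v;
        for ($k, $v) { tr/+/ /; s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge; }
        $p{$k} = $v;
    }
    return \%p;
}

# Constructed environments; the HEAD one reuses values from the mailed report.
my %head = (GATEWAY_INTERFACE => 'CGI/1.1', REQUEST_METHOD => 'HEAD',
            QUERY_STRING => 'ID=745');
my $r = classify_request(\%head);
print "HEAD  -> $r->{source}, ID=$r->{params}{ID}, body=$r->{send_body}\n";
print "shell -> ", classify_request({})->{source}, "\n";
print "PUT   -> ", classify_request({ GATEWAY_INTERFACE => 'CGI/1.1',
                    REQUEST_METHOD => 'PUT' })->{status}, "\n";
```
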
Re: Can I prevent trying one to run LINKS via Telnet?
Hi,

If you believe that the jump.cgi file is the cause of your error messages then I suggest that you upload a new fresh jump.cgi.

Good luck,

Joe