Simulated attack on Unix webserver

• To: www-security@ns2.rutgers.edu
• Subject: Simulated attack on Unix webserver
• From: gprice@www1.webserve.bt.com (Application Support)
• Date: Tue, 14 May 1996 10:03:47 +0100

Hi 

My company is set to launch a 'rent-a-web-space' project.
I am on the support team and have been asked to look at the
security of the system.

The project is fairly standard, users can ftp their documents
onto the server and cannot supply their own cgi-scripts.  Two
cgi scripts are provided a page counter and a form that will
mail user inputs to the customers email address. Users are 
emailed a stats report for their page every day.  

The system uses the Netscape Commerce server and the Washington
ftp server, this has been modified by the developers to stop
bugs such as allowing users to access a directory above their 
root apparently.

I would love to hear any ideas any of you have as to where the system
may be vulnerable to attack and how to simulate such an attack.

Many thanks for any help 

Gwyn

• Previous: Redundant web pages
• Next: Re: Macintosh Web Server Issues
• Index(es):
  • Index
  • Thread