[rfk-dev] robotfindskitten.cgi considered harmful?

Martin Pool mbp@samba.org
Tue, 3 Jul 2001 09:02:31 +1000

On  2 Jul 2001, "Peter A. Peterson II" <pedro@tastytronic.net> wrote:
> You might have noticed that the robotfindskitten.cgi page at
> kathleen.northpark.edu is down. This is because the box has crashed. I'm
> not sure why; it's possible that there was a power outage that left the
> drive in an unbootable way, or that it was hax0red, but
> robotfindskitten.cgi is the only change I made to it in the last 6
> months. Is there anything I should look for in attempting to detect
> either an intrusion or a catastrophic failure? I could mount this drive
> on two-bit next week if anyone cares to inspect it. 

I hope that's not why.  I did warn that somebody else should check for
problems, though.

You can start by booting from a CD (if possible) and running the
current version of 


If it's a RedHat machine, then you can try using rpm --verify.

There's also this recent article:


Also, it would be good to configure that program to run as a nobody
user using apache's cgi setuid wrapper.

Talk to me off the list if you would like more help.