Security Incidents mailing list archives

CGI scans from Strauss.udel.edu -- They're back


From: jose () BIOCSERVER BIOC CWRU EDU (Jose Nazario)
Date: Sat, 15 Apr 2000 00:45:34 -0400


Hi all,

Last month I reported some campus wide probes by the machine
strauss.udel.edu to our domain (cwru.edu), and many other domains turned
up as being hit. A few messages back and forth and things were, we hoped,
cleared up.

It looks like their problem has returned. This is from my logs the other
day:

From a web server:

strauss.udel.edu - - [13/Apr/2000:00:24:43 -0400] "GET
/cgi-bin/counter/nl/ord/lang=english(1);system("$ENV{HTTP_X}"); HTTP/1.0" 404 256

From a workstation:

[13/Apr/1999:00:15:11] config: for host strauss.udel.edu trying to GET
/cgi-bin/counter/nl/ord/lang=english(1);system("$ENV{HTTP_X}");, check-acl
reports: ACL name httpd-nameserver-WRITE not defined

A memo was sent on Thursday, but no response has yet been received. I know
at least one other site admin has contacted me with the same scan, so it
will most likely be widespread.

I'd like to know what function strauss.udel.edu serves. Is it a general
udel.edu campus web proxy? By cutting it off at the border will I cut off
every legitimate user, too, from udel.edu?

Thanks,

jose nazario                                    jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc
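
The probe in the web server log above can be searched for across access logs in Common Log Format. The Python below is an added example, not part of the original post; the signature labels, function names and every sample line except the strauss.udel.edu one are constructed assumptions, and it goes beyond the post by also matching percent-encoded forms of the same request.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common Log Format: host ident user [time] "request" status bytes.
# The request is matched greedily because this probe embeds double quotes,
# which would cut the field short in a parser that stops at the first quote.
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')

# Signature labels are this example's own names, not from the post.
SIGNATURES = {
    "perl_system_call": re.compile(r"system\s*\(", re.I),
    "env_header_ref": re.compile(r"\$ENV\{HTTP_\w+\}"),
}

# First entry is the line quoted in the post (rejoined); the others are constructed.
SAMPLE_LOG = [
    'strauss.udel.edu - - [13/Apr/2000:00:24:43 -0400] "GET /cgi-bin/counter/nl/ord/lang=english(1);system("$ENV{HTTP_X}"); HTTP/1.0" 404 256',
    'client.example.net - - [13/Apr/2000:00:25:02 -0400] "GET /index.html HTTP/1.0" 200 1043',
    'probe.example.org - - [13/Apr/2000:00:26:10 -0400] "GET /cgi-bin/counter/nl/ord/lang=english(1);system%28%22%24ENV%7BHTTP_X%7D%22%29; HTTP/1.0" 200 512',
]

def parse_line(line):
    """Split one access-log line into fields; return None if it is not CLF."""
    m = CLF.match(line.strip())
    if not m:
        return None
    host, when, request, status, _size = m.groups()
    return {"host": host, "time": when, "request": request, "status": int(status)}

def scan(lines):
    """Return {host: [(time, status, [signature labels])]} for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        decoded = unquote(rec["request"])  # catch percent-encoded variants too
        matched = sorted(n for n, rx in SIGNATURES.items() if rx.search(decoded))
        if matched:
            hits[rec["host"]].append((rec["time"], rec["status"], matched))
    return dict(hits)

if __name__ == "__main__":
    for host, events in scan(SAMPLE_LOG).items():
        for when, status, sigs in events:
            print(f"{host} [{when}] status={status} signatures={','.join(sigs)}")
```

The status code is kept in the output because a response other than 404 means the requested counter path exists on that server, so that host's CGI deserves a closer look.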

