Re: F19: Is this an httpd attack attempt?

Tim <ignored_mailbox@xxxxxxxxxxxx> writes:

> Allegedly, on or about 05 March 2014, lee sent:
>> Could someone please explain why/how this may be considered as an
>> attack or at least as something bad?
>
> Have a look at the log line that the original poster sent:
>
> 185.4.227.194 - - [03/Mar/2014:07:27:49 -0800] "GET http://24x7-allrequestsallowed.com/?PHPSESSID=1rmsxtj500143TRMUTP_ODZZWA HTTP/1.1" 200 5264 "-" "-"
>
> look above here, where the carets are at the end of these hyphens ---------------------------------------------------------------------^^^
>
> That "200" means a successful result, rather than a failure.  In other
> words, what they tried to do, they did.

Yes --- I was wondering if perhaps some sort of error page might have
been served.

>> Someone requesting an URL from a web server that doesn't serve this
>> URL --- or doesn't serve the specified domain at all --- could be
>> caused by incorrect responses from name servers, couldn't it?
>
> Not like that.  Say, for example, I try to get this page from a
> website:  www.example.com/pages/test.html  The browser will connect to
> example.com (presuming that DNS is working), and then it will try to
> GET /pages/test.html.  The domain name will not be in the GET request.
>
> e.g. That log line would have looked like:
>
> 185.4.227.194 - - [03/Mar/2014:07:27:49 -0800] "GET /?PHPSESSID=1rmsxtj500143TRMUTP_ODZZWA HTTP/1.1" 200 5264 "-" "-"
>
> As a more normal use of a webserver.

I see what you mean, the entries in my log file look like that.

As Tom Rivers pointed out in his posts, his tests have shown that
someone might have used the web server as a proxy.  Now there is
probably no way to determine whether what caused this log entry was
actually an attack or not, or is there?


-- 
Fedora release 20 (Heisenbug)
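
An added example, not part of the original message: a small log check that separates the two request forms contrasted above (a full URL in the GET line versus a plain path) and flags entries that name a host the server does not serve. LOCAL_HOSTS, the function name and the third sample line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache common/combined log prefix: client ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumption: the host names this server legitimately answers for.
LOCAL_HOSTS = {"www.example.com", "example.com"}

def classify(line, local_hosts=LOCAL_HOSTS):
    """Describe the request target of one log line; None if it does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    method, target, status = m["method"].upper(), m["target"], int(m["status"])
    form, host = "other", None
    if method == "CONNECT":                      # authority-form: host:port
        form, host = "authority", target.rsplit(":", 1)[0].lower()
    elif target.startswith("/") or target == "*":
        form = "origin"                          # normal request to this server
    else:
        try:
            parts = urlsplit(target)
        except ValueError:                       # e.g. malformed IPv6 literal
            parts = None
        if parts and parts.scheme and parts.hostname:
            form, host = "absolute", parts.hostname.lower()
    foreign = host is not None and host not in local_hosts
    # A 2xx/3xx here does not prove relaying: a server that is not proxying may
    # have answered with its own local page. Compare size with the local page.
    return {"client": m["client"], "form": form, "host": host, "status": status,
            "size": m["size"], "proxy_probe": foreign,
            "needs_review": foreign and 200 <= status < 400}

SAMPLE = [
    # First two lines are the ones quoted in the thread; the third is constructed.
    '185.4.227.194 - - [03/Mar/2014:07:27:49 -0800] "GET http://24x7-allrequestsallowed.com/?PHPSESSID=1rmsxtj500143TRMUTP_ODZZWA HTTP/1.1" 200 5264 "-" "-"',
    '185.4.227.194 - - [03/Mar/2014:07:27:49 -0800] "GET /?PHPSESSID=1rmsxtj500143TRMUTP_ODZZWA HTTP/1.1" 200 5264 "-" "-"',
    '192.0.2.10 - - [03/Mar/2014:07:30:00 -0800] "CONNECT mail.example.net:25 HTTP/1.1" 405 312 "-" "-"',
]

if __name__ == "__main__":
    for entry in filter(None, map(classify, SAMPLE)):
        if entry["proxy_probe"]:
            print(entry)
```

Entries with needs_review set are the ones worth checking by hand, for instance by requesting the same path locally and comparing the response size with the logged one.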