Re: Strange Apache log entry

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



2010/8/22 Gilbert Sebenste <sebenste@xxxxxxxxxxxxxxxxxxxxx>:
> Hey everyone,
>
> Logwatch flagged something in my Apache logs, and it says it was a
> possible successful probe. Hmmm. Here's what it says:
>
>  --------------------- httpd Begin ------------------------
>
>  A total of 1 sites probed the server
>     66.249.137.70
>
>  A total of 2 possible successful probes were detected (the following URLs
>  contain strings that match one or more of a listing of strings that
>  indicate a possible exploit):
>
> 66.249.137.70 - - [21/Aug/2010:04:56:56 -0500] "GET /mystuff/?g=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 5231 "-" "libwww-perl/5.810"
> 66.249.137.70 - - [21/Aug/2010:04:56:56 -0500] "GET /?g=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 14169 "-" "libwww-perl/5.810"
>
> I didn't see anything on my server this morning, as I checked around it.
> Is this something to be concerned about? I'm fully patched (yum updated
> through this past week). Anybody else see this?

I think this is a bit antique attack:

http://foro.undersecurity.net/read.php?15,3768

--
Eero
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux