[TriLUG] Log message from Apache

matt at noway2.thruhere.net matt at noway2.thruhere.net
Wed Jul 10 14:06:21 EDT 2013


> Folks,
>
> I have received an interesting message from Apache, and am not sure
> what I can do to respond.  ( It seems that the site is interesting to
> .cn! )   Suggestions, ideas?
>
>
>  A total of 5 possible successful probes were detected (the following URLs
> contain strings that match one or more of a listing of strings that
> indicate a possible exploit):
(snip)
I've seen a lot of threads on this subject.  It looks like an attempt to
exploit Apache and if I recall correctly, there are certain versions that
are susceptible and/or add-on applications make it vulnerable.

I think that they are "successful" in that Apache gives a 200 (OK)
response code, along with returning index.html (or whatever the default
page is).

This link has a pretty lengthy discussion of this alert message.  There
are also several more (if you need more info) according to a search of the
terms "successful probe attempt"

http://www.linuxquestions.org/questions/linux-security-4/possible-successful-probes-detected-4175457440/




More information about the TriLUG mailing list