[TriLUG] Log message from Apache
matt at noway2.thruhere.net
Wed Jul 10 14:06:21 EDT 2013
> Folks,
>
> I have received an interesting message from Apache, and am not sure
> what I can do to respond. ( It seems that the site is interesting to
> .cn! ) Suggestions, ideas?
>
>
> A total of 5 possible successful probes were detected (the following URLs
> contain strings that match one or more of a listing of strings that
> indicate a possible exploit):
(snip)
I've seen a lot of threads on this subject. It looks like an attempt to
exploit Apache and if I recall correctly, there are certain versions that
are susceptible and/or add-on applications make it vulnerable.
I think that they are "successful" in that Apache gives a 200 (OK)
response code, along with returning index.html (or whatever the default
page is).
This link has a pretty lengthy discussion of this alert message. There
are also several more (if you need more info) according to a search of the
terms "successful probe attempt":
http://www.linuxquestions.org/questions/linux-security-4/possible-successful-probes-detected-4175457440/
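
The reply's point, that a probe counts as "successful" only because Apache answered 200, can be checked against the access log. The sketch below is an added example, not part of the original post or of the tool that produced the alert. The probe substrings, the sample log lines and the default-page size of 1777 bytes are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumed probe substrings, for illustration only; the alert's real list
# was snipped from the thread and is not reproduced here.
PROBE_STRINGS = ("../", "/etc/passwd", "cmd.exe", "/bin/sh")


def triage(lines, default_page_size):
    """Return (host, url, verdict) for probe-like requests answered with 200.

    verdict is "default-page" when the response size equals the size of the
    site's default page (the benign case described in the reply), and
    "review" when a 200 came back with some other body.
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "200":
            continue  # unparsable line, or the server refused the request
        url = unquote(m["url"]).lower()  # decode %2e%2e style encodings
        if not any(s in url for s in PROBE_STRINGS):
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        verdict = "default-page" if size == default_page_size else "review"
        findings.append((m["host"], m["url"], verdict))
    return findings


# Constructed sample log lines (documentation IP ranges), not from the thread.
SAMPLE = [
    '203.0.113.7 - - [10/Jul/2013:13:01:02 -0400] "GET /?page=../../../../etc/passwd HTTP/1.1" 200 1777 "-" "-"',
    '203.0.113.7 - - [10/Jul/2013:13:01:03 -0400] "GET /scripts/..%2f..%2fcmd.exe HTTP/1.1" 404 209 "-" "-"',
    '198.51.100.9 - - [10/Jul/2013:13:05:40 -0400] "GET /cgi-bin/view.cgi?f=%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [10/Jul/2013:13:06:00 -0400] "GET /index.html HTTP/1.1" 200 1777 "-" "-"',
]

if __name__ == "__main__":
    for host, url, verdict in triage(SAMPLE, default_page_size=1777):
        print(f"{verdict:12} {host:15} {url}")
```

Entries marked "review" are the ones where the 200 response differs from the default page and the returned content should be looked at by hand.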