2010/8/22 Gilbert Sebenste <seben...@weather.admin.niu.edu>: > Hey everyone, > > Logwatch flagged something in my Apache logs, and it says it was a > possible successful probe. Hmmm. Here's what it says: > > --------------------- httpd Begin ------------------------ > > A total of 1 sites probed the server > 66.249.137.70 > > A total of 2 possible successful probes were detected (the following URLs > contain strings that match one or more of a listing of strings that > indicate a possible exploit): > > 66.249.137.70 - - [21/Aug/2010:04:56:56 -0500] "GET > /mystuff/?g=../../../../../../../../../../../../../../../proc/self/environ%00 > HTTP/1.1" 200 5231 "-" "libwww-perl/5.810" > 66.249.137.70 - - [21/Aug/2010:04:56:56 -0500] "GET > /?g=../../../../../../../../../../../../../../../proc/self/environ%00 > HTTP/1.1" 200 14169 "-" "libwww-perl/5.810" > > I didn't see anything on my server this morning, as I checked around it. > Is this something to be concerned about? I'm fully patched (yum updated > through this past week). Anybody else see this?
I think this is a bit antique attack: http://foro.undersecurity.net/read.php?15,3768 -- Eero _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
