Re: [arch-general] My Apache Sever Compromised?

2014-04-10 Thread Bardur Arantsson
On 2014-04-09 19:32, Jameson wrote: > On Tue, Apr 1, 2014 at 9:30 AM, Nowaker wrote: >> 199.83.93.35 - - [29/Mar/2014:22:04:54 -0400] "GET http://ro2.biz/pixel.png HTTP/1.0" 200 151 >> >> >>> But the most interesting part is that your apache is replying with "200", >>> that is OK! >> >>

Re: [arch-general] My Apache Sever Compromised?

2014-04-09 Thread ger...@gmail.com
On Wed, Apr 9, 2014 at 7:38 PM, ProgAndy wrote: > On 09.04.2014 19:32, Jameson wrote: > > On Tue, Apr 1, 2014 at 9:30 AM, Nowaker wrote: >> >>> 199.83.93.35 - - [29/Mar/2014:22:04:54 -0400] > "GET http://ro2.biz/pixel.png HTTP/1.0" 200 151 > >>> But the most interesting part is

Re: [arch-general] My Apache Sever Compromised?

2014-04-09 Thread ProgAndy
On 09.04.2014 19:32, Jameson wrote: On Tue, Apr 1, 2014 at 9:30 AM, Nowaker wrote: 199.83.93.35 - - [29/Mar/2014:22:04:54 -0400] "GET http://ro2.biz/pixel.png HTTP/1.0" 200 151 But the most interesting part is that your apache is replying with "200", that is OK! Nice catch! It's certainl

Re: [arch-general] My Apache Sever Compromised?

2014-04-09 Thread Jameson
On Tue, Apr 1, 2014 at 9:30 AM, Nowaker wrote: > >>> 199.83.93.35 - - [29/Mar/2014:22:04:54 -0400] >>> "GET http://ro2.biz/pixel.png HTTP/1.0" 200 151 > > >> But the most interesting part is that your apache is replying with "200", >> that is OK! > > > Nice catch! It's certainly a proxy. Thanks f

Re: [arch-general] My Apache Sever Compromised?

2014-04-01 Thread Nowaker
199.83.93.35 - - [29/Mar/2014:22:04:54 -0400] "GET http://ro2.biz/pixel.png HTTP/1.0" 200 151 But the most interesting part is that your apache is replying with "200", that is OK! Nice catch! It's certainly a proxy. > See? The request asks for all the URL, http:// and host name included,

Re: [arch-general] My Apache Sever Compromised?

2014-04-01 Thread Rodrigo Rivas
On Sun, Mar 30, 2014 at 4:37 AM, Jameson wrote: > I'm seeing some very strange behavior from my Apache web server, and > I'm afraid it may have been compromised. Every time I start it, my > router is saturated with the maximum number of connections it can > handle, and my access_log starts filling

Re: [arch-general] My Apache Sever Compromised?

2014-03-31 Thread Jameson
On Mon, Mar 31, 2014 at 6:36 AM, Simon Brand wrote:
> You can also use

Thanks for all the suggestions, guys. I'll probably do some further checking just to make sure nothing else is going on, but once I created a rewrite rule to drop those connections instead of sending them 404s, they went away.

Re: [arch-general] My Apache Sever Compromised?

2014-03-31 Thread Simon Brand
You can also use

    pacman -Qkk

For example, boot from iso, mount your root device as /mnt

    pacman -Qkk -r /mnt

Not every warning means a compromise. To find files not owned by a package, use:

    find /mnt/ -exec pacman -Qqo {} -r /mnt \;

Maybe you

Re: [arch-general] My Apache Sever Compromised?

2014-03-30 Thread Theo Jones
rkhunter (these return a LOT of false positives). 7. Has anything else been acting up with the server? A lot of cracks break other things. ---Theo > Date: Sat, 29 Mar 2014 22:45:35 -0400 > From: imntr...@gmail.com > To: arch-general@archlinux.org > Subject: Re: [arch-general] My

Re: [arch-general] My Apache Sever Compromised?

2014-03-29 Thread Jameson
On Sat, Mar 29, 2014 at 10:41 PM, Nowaker wrote: >> I'm seeing some very strange behavior from my Apache web server, and >> I'm afraid it may have been compromised. Every time I start it, my >> router is saturated with the maximum number of connections it can >> handle, and my access_log starts fi

Re: [arch-general] My Apache Sever Compromised?

2014-03-29 Thread Nowaker
I'm seeing some very strange behavior from my Apache web server, and I'm afraid it may have been compromised. Every time I start it, my router is saturated with the maximum number of connections it can handle, and my access_log starts filling with lines like: Start whatever HTTP server in place

[arch-general] My Apache Sever Compromised?

2014-03-29 Thread Jameson
I'm seeing some very strange behavior from my Apache web server, and I'm afraid it may have been compromised. Every time I start it, my router is saturated with the maximum number of connections it can handle, and my access_log starts filling with lines like: 208.115.242.252 - - [29/Mar/2014:22:04