On 12/13/2011 7:57 PM, Yehuda Katz wrote:
On Tue, Dec 13, 2011 at 10:33 PM, Knute Johnson <apa...@knutejohnson.com> wrote:
On 12/13/2011 7:12 PM, Yehuda Katz wrote:
On Tue, Dec 13, 2011 at 9:50 PM, Knute Johnson <apa...@knutejohnson.com> wrote:
This showed up in my log today on a Ubuntu server with Apache 2.2.17.
/?file=../../../../../../proc/self/environ%00 HTTP Response 200
/?mod=../../../../../../proc/self/environ%00 HTTP Response 200
/?page=../../../../../../proc/self/environ%00 HTTP Response 200
Thanks. Is there some kind of application that stores data at these
locations normally?
Linux. Or more specifically, it looks like it might be trying to attack
a known vulnerability in the Linux Kernel.
See http://lwn.net/Articles/191954/ for more on that.
Explanation:
Let's say your web application loads files based on the (file/mod/page)
query string value from the folder /srv/www/htdocs/pages/ with the
extension .myfile
The attacker's request for
../../../../../../proc/self/environ%00
will be viewed by your application as
/srv/www/htdocs/pages/../../../../../../proc/self/environ%00.myfile
which the application will likely interpret as just
/proc/self/environ
Lately I've been getting a bunch of requests for null files,
hundreds of them.
You might want to look into using a program like Fail2Ban
(http://www.fail2ban.org) or some other log parser to
block them from hitting your server.
The documentation for fail2ban is not incredible, but their support
mailing list is usually responsive.
- Y
Thanks very much.
--
knute...
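As an added example (not code from the thread or from Apache/Fail2Ban), the two halves of the discussion above in one script: the path lookup as Yehuda describes it, next to a hardened lookup that refuses null bytes and anything resolving outside the page directory, plus a small scanner that flags traversal attempts in access-log lines like Knute's. The base directory, the `.myfile` extension and the log lines are constructed from the thread's own wording; the IP addresses are documentation ranges.

```python
import os
import re
from urllib.parse import unquote

# Constructed access-log lines modelled on the requests quoted in the thread.
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Dec/2011:19:01:02 -0800] "GET /?file=../../../../../../proc/self/environ%00 HTTP/1.1" 200 512',
    '198.51.100.7 - - [13/Dec/2011:19:01:05 -0800] "GET /?page=about HTTP/1.1" 200 2048',
    '203.0.113.5 - - [13/Dec/2011:19:01:09 -0800] "GET /?mod=../../../../../../proc/self/environ%00 HTTP/1.1" 200 512',
]

# Common log format: client, identity, user, [timestamp], "METHOD target PROTO", status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_traversal_request(target: str) -> bool:
    """True if the request target decodes to a traversal or null-byte attempt."""
    decoded = unquote(target)
    return '\x00' in decoded or '../' in decoded or '..\\' in decoded


def flag_traversal_hits(lines):
    """Return (ip, target, status) for every log line carrying a traversal attempt.
    A status of 200 on such a line is the signal worth alerting on."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_traversal_request(m.group('target')):
            hits.append((m.group('ip'), m.group('target'), int(m.group('status'))))
    return hits


def resolve_page_naive(base_dir: str, name: str, ext: str = '.myfile') -> str:
    """The lookup as the thread describes it (illustration only): the extension is
    appended, but a C-level open() stops at the first null byte, so the suffix
    is lost and '..' segments walk out of base_dir."""
    path = os.path.join(base_dir, name + ext)
    return os.path.normpath(path.split('\x00', 1)[0])


def resolve_page(base_dir: str, name: str, ext: str = '.myfile') -> str:
    """Hardened lookup: reject null bytes, canonicalise the candidate, and refuse
    anything that does not stay under base_dir."""
    if '\x00' in name:
        raise ValueError('null byte in page name')
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name + ext))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError('page name escapes base directory')
    return candidate
```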
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.