LinuxQuestions.org
Old 12-23-2013, 10:22 AM   #1
dboyerco
LQ Newbie
 
Registered: Dec 2013
Posts: 2

Apache:Logwatch possible successful probes


Hi, I have set up a webpage where our clients can sign their name with their mouse and then save that signature. When I pass the base64 image in the URL to be saved, I'm seeing the following in the Logwatch:
A total of 8 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/tenant/Thanks.php?imageData=data:image/png;base64,[base64 image data omitted] HTTP Response 200

My question: is there a way to turn this off? The log could get quite large since all clients will be required to sign and save their signature.

Thank You
Dennis Boyer
 
Old 12-24-2013, 04:39 AM   #2
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,702

Don't use the URL to pass data.

Besides not being secure, as you found out, the "signature" is now available to anyone.
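
Because Apache writes the request target to its access log, any signature already sent through `imageData` in the URL is still sitting in existing log files. The following is an added example, not part of the thread: a Python sketch that finds base64 `data:` URIs in the query strings of access-log lines, counts which path and parameter leaked them, and redacts the payload. It assumes the common/combined log format; the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote

# Request part of an Apache common/combined log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')
# A data: URI carrying a base64 payload, like the imageData parameter in the thread
DATA_URI_RE = re.compile(r'^data:[\w.+-]+/[\w.+-]+;base64,', re.IGNORECASE)

def redact_line(line):
    """Return (redacted_line, [(path, param), ...]) for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return line, []
    parts = urlsplit(m.group("target"))
    hits, kept = [], []
    # Split on '&' by hand so untouched parameters stay exactly as logged.
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        if DATA_URI_RE.match(unquote(value)):
            hits.append((parts.path, name))
            pair = "%s=[REDACTED-%d-chars]" % (name, len(value))
        kept.append(pair)
    if not hits:
        return line, []
    target = parts.path + "?" + "&".join(kept)
    return line[:m.start("target")] + target + line[m.end("target"):], hits

def audit(lines):
    """Redact every line and count the leaking (path, parameter) pairs."""
    counts, out = Counter(), []
    for line in lines:
        redacted, hits = redact_line(line)
        counts.update(hits)
        out.append(redacted)
    return out, counts

# Constructed sample lines (not from the thread); the payload is a dummy value.
SAMPLE = [
    '203.0.113.5 - - [23/Dec/2013:10:01:02 -0500] "GET /tenant/Thanks.php?imageData=data:image/png;base64,QUJDRA== HTTP/1.1" 200 512',
    '203.0.113.5 - - [23/Dec/2013:10:01:09 -0500] "POST /tenant/Thanks.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [23/Dec/2013:10:02:00 -0500] "GET /index.php?page=2 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    redacted, counts = audit(SAMPLE)
    print("\n".join(redacted))
    print(dict(counts))
```

The POST line passes through unchanged because a request body never appears in the logged request line, which is why moving the signature out of the URL also stops the Logwatch matches.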
 
Old 12-24-2013, 12:20 PM   #3
dboyerco
LQ Newbie
 
Registered: Dec 2013
Posts: 2

Original Poster
Thank you for your response.
It was like a slap in the face that woke me up!!! Thank you.
I agree that is unsecured. I was able to figure out how to save the signature by using ajax.
Thank you for setting me straight.
 
  

