LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page Apache server compromised?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-13-2005, 04:27 AM   #1
lacerto
Member
Contributing Member
 
Registered: Oct 2003
Location: South London
Distribution: Gentoo.
Posts: 297

Rep: Reputation: 30
Apache server compromised?

Hi
I was looking through my access_log this morning, and noticed the following:

[12/Apr/2005:18:52:13 +0100] "POST /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.1" 401 1296 "-" "-"

Is this a security breech?

EDIT: A bit of further, more precise googling indicates that these are IIS worms, and of no concern to me.
Last edited by lacerto; 04-13-2005 at 05:01 AM.
 
Old 04-13-2005, 07:33 AM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 422Reputation: 422Reputation: 422Reputation: 422Reputation: 422
Get used to seeing this kind of garbage in your logs. The number of infected IIS out there must be huge. Besides, note the 401 code which means that they didn't get any farther than POSTing the URL. For what it is worth, I believe this particular entry is looking for MS Front Page extentsions to play with.
 
Old 04-13-2005, 07:47 AM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Anytime you see the .dll or .exe extensions in a URL like that, it's a good tip-off that it's a Windows exploit
 
Old 04-13-2005, 03:26 PM   #4
lacerto
Member
Contributing Member
 
Registered: Oct 2003
Location: South London
Distribution: Gentoo.
Posts: 297

Original Poster
Rep: Reputation: 30
Thanks gents.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Server Compromised? stlyz3 Linux - Security 6 09-07-2005 04:28 PM
Gentoo's server compromised? Couldn't be, right? jon_k Linux - Security 1 06-12-2005 06:46 PM
Apache compromised? jme Linux - Security 2 03-21-2005 11:36 AM
Server Compromised. Pls help. phumes Linux - Security 5 08-24-2004 11:47 AM
Server was compromised, need help Asiana Linux - Security 3 06-02-2004 12:39 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:56 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration