LinuxQuestions.org
Old 02-04-2013, 10:18 PM   #1
newbie14
404 Not Found /folder/cache


Dear All,
I have been monitoring my logwatch content and I notice there are some 170 occurrences of myfolder/cache/09fe503e5898bcbc55056542d470a803. Is this a hack attempt? I have also installed mod_secure; should I do some more hardening then?
 
Old 02-05-2013, 05:07 PM   #2
unSpawn
Quote:
Originally Posted by newbie14
I have been monitoring my logwatch content
Good, good...


Quote:
Originally Posted by newbie14
and I notice there are some 170 occurrences of myfolder/cache/09fe503e5898bcbc55056542d470a803. Is this a hack attempt?
Please be more specific. I don't know what log file the warning stems from or why you obfuscate the location of "myfolder/". And did you check the contents of "myfolder/cache/"?


Quote:
Originally Posted by newbie14
I have also installed mod_secure; should I do some more hardening then?
Maybe start by listing what the purpose of this machine is (LAN file server, exposed web server, etc) and what you already have done in terms of hardening.
 
Old 02-06-2013, 02:51 AM   #3
newbie14
Original Poster
Dear All,
I have an exposed web server machine. The hardening I have done is to stop using normal user name and password, and to put the machine behind a firewall so that only port 80 is open; access to the machine via ssh has to be via VPN. In addition it is a minimal install of CentOS 6.3 and directory browsing has been blocked too. I have also installed mod_secure, which claims to protect the Apache server. I might be missing other options which I might not have learned yet. The log file is content from logwatch and is titled 404 Not Found. I have run find / -name cache and I don't see any folder by the name myfolder/cache. What can I do to further harden my server to avoid attacks on my folders?

After some more googling and going further through the error and access logs of my httpd, I found that this link speaks of the same problem too: http://serverfault.com/questions/390...ge-named-cache. Thus I can see it is an issue with the client browser and not my server? Anyway, I will welcome further ideas on hardening my web server though.

Last edited by unSpawn; 02-06-2013 at 05:06 AM.
 
Old 02-06-2013, 06:05 AM   #4
unSpawn
Quote:
Originally Posted by newbie14
The log file is content from logwatch and is titled 404 Not Found. I have run find / -name cache and I don't see any folder by the name myfolder/cache. What can I do to further harden my server to avoid attacks on my folders?

After some more googling and going further through the error and access logs of my httpd, I found that this link speaks of the same problem too: http://serverfault.com/questions/390...ge-named-cache. Thus I can see it is an issue with the client browser and not my server?
As per http://code.google.com/p/chromium/is...?id=132059#c47 this seems to be caused by the "Ginyas Ltd. Browser Companion" (extension ID bodddioamolcibagionmmobehnbhiakf) browser helper object (BHO) commonly called "Browser Companion Helper" which affects common browsers like Google Chrome, Internet Explorer, and Mozilla Firefox. Indeed it is a client side issue and does not harm the server. Three ways to deal with this I can see: 0) ignore these requests as harmless, 1) block them or 2) alert users their browser is infected by using a rewrite in the httpd.conf (performance-wise avoid using .htaccess files). Should look something like this:
Code:
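RewriteEngine On
# In httpd.conf (server or virtual host context) the pattern is matched against the full URL-path, leading slash included.
# "myfolder" is the placeholder from the log line above; the requests end in /cache/ plus 32 hex characters.
RewriteRule   ^/myfolder/cache/[0-9a-f]{32}$   /yourbrowserisinfected.html  [NC,L]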
and check http://httpd.apache.org/docs/current...d_rewrite.html for how to apply this.


Quote:
Originally Posted by newbie14
The hardening I have done is to stop using normal user name and password, and to put the machine behind a firewall so that only port 80 is open; access to the machine via ssh has to be via VPN. In addition it is a minimal install of CentOS 6.3 and directory browsing has been blocked too. I have also installed mod_secure, which claims to protect the Apache server.
Now I remember who you are. You had 2 breaches of security in one year and Noway2 and I spent about 2 months getting you to re-install from scratch and configure your machine(s) last year, according to the detailed list of basic OS hardening steps we sent you. Asserting you actually completed that please provide an inventory using servdoc 1.0rc1 and a local check with Tiger 3.2.3 (attach to email and send to my address). Even though you have mod_security running (which is good) please also review the tips at http://httpd.apache.org/docs/2.4/mis...rity_tips.html and as it's often not Apache itself but what you run on top of it do run a basic Nikto 2.1.5 check.
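
A way to check the "client side issue" conclusion above against the access log, as an added example that is not part of unSpawn's post: it separates clients whose only 404s are the /cache/<32 hex> requests from clients that also ask for other missing paths. The combined log format, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
# Shape of the requests reported in the thread: <page folder>/cache/<32 hex characters>
CACHE_HASH = re.compile(r'/cache/[0-9a-f]{32}$', re.IGNORECASE)

def triage_404s(lines):
    """Per client IP, split 404s into cache-hash hits and every other missing path."""
    clients = defaultdict(lambda: {"cache_hash": 0, "other": set(), "referers": set()})
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] != "404":
            continue
        entry = clients[m["ip"]]
        if CACHE_HASH.search(m["path"]):
            entry["cache_hash"] += 1
            entry["referers"].add(m["referer"])  # normally a real page on the site
        else:
            entry["other"].add(m["path"])
    return dict(clients)

def classify(entry):
    """Heuristic: 'extension-noise' if the only 404s are cache-hash hits, else 'review'."""
    return "extension-noise" if entry["cache_hash"] and not entry["other"] else "review"

# Constructed sample lines (documentation IP ranges, made-up paths); only the hash is from the thread.
SAMPLE = [
    '192.0.2.10 - - [05/Feb/2013:10:00:01 +0000] "GET /myfolder/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [05/Feb/2013:10:00:02 +0000] "GET /myfolder/cache/09fe503e5898bcbc55056542d470a803 HTTP/1.1" 404 291 "http://www.example.com/myfolder/index.php" "Mozilla/5.0"',
    '192.0.2.10 - - [05/Feb/2013:10:00:03 +0000] "GET /myfolder/cache/09fe503e5898bcbc55056542d470a803 HTTP/1.1" 404 291 "http://www.example.com/myfolder/index.php" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Feb/2013:10:05:00 +0000] "GET /admin/setup.php HTTP/1.1" 404 289 "-" "-"',
    '198.51.100.7 - - [05/Feb/2013:10:05:01 +0000] "GET /old/backup.zip HTTP/1.1" 404 288 "-" "-"',
    '198.51.100.7 - - [05/Feb/2013:10:05:02 +0000] "GET /myfolder/cache/09fe503e5898bcbc55056542d470a803 HTTP/1.1" 404 291 "-" "-"',
]

if __name__ == "__main__":
    for ip, entry in sorted(triage_404s(SAMPLE).items()):
        print(ip, classify(entry), entry["cache_hash"], sorted(entry["other"]))
```

Clients marked "review" are the ones worth reading line by line; the "extension-noise" ones are candidates for option 0, 1 or 2 above.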
 
Old 02-06-2013, 06:41 AM   #5
newbie14
Original Poster
Dear Unspawn,
Ok, I will take some time to grasp mod_rewrite as this is something new to me. Yes, you recognise me well. I am not too sure how you want me to use servedoc.1.Orc1, which I have downloaded already. Must I install it? I will read the tips given at the Apache site. I have also downloaded Nikto, so should I install it?
 
Old 02-06-2013, 06:58 AM   #6
unSpawn
You can run ServDoc without installing it and it only requires Perl. Commonly tarballs include files called README and INSTALL containing detailed instructions on what to do.
 
Old 02-06-2013, 07:02 AM   #7
newbie14
Original Poster
Dear Unspawn,
Give me some time to go through it and run it first. How about Tiger? I went to this link http://download.savannah.gnu.org/rel...tiger/?C=M;O=D . I guess I should pick the latest file, right? Thank you.
 
Old 02-06-2013, 08:11 AM   #8
unSpawn
Download version 3.2.3.
 
Old 02-06-2013, 08:12 AM   #9
newbie14
Original Poster
Dear Unspawn,
Ok will do it accordingly.
 
  


All times are GMT -5. The time now is 11:25 AM.
