LinuxQuestions.org
  1. Old Comment

    Exploit permissions?

    Quote:
    Originally Posted by maples
    You're not the only one.

    These are just a few entries from the web server running in my basement, not any kind of production server or anything with something desirable on it.
    Code:
    61.19.246.190 - - [19/Aug/2014:11:22:41 -0400] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 487 "-" "ZmEu"
    122.226.223.69 - - [17/Aug/2014:12:29:53 -0400] "GET http://www.k2proxy.com//hello.html HTTP/1.1" 404 530 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"
    209.67.233.66 - - [30/Aug/2014:20:46:28 -0400] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 506 "-" "-"
    115.29.10.210 - - [06/Sep/2014:07:56:46 -0400] "GET http://hotel.qunar.com/render/hoteldiv.jsp?&__jscallback=XQScript_4 HTTP/1.1" 404 452 "http://hotel.qunar.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36"
    And lots of people searching for PhpMyAdmin (all_access.log is the combined logs from about the past year). Unfortunately for them, it's buried in a directory somewhere that's protected by a .htaccess password (as well as the standard database passwords):
    Code:
    $ grep -i "GET /PhpMyAdmin" all_access.log | wc -l
    1191
    $ grep -i "GET /pma" all_access.log | wc -l
    561
    Also people searching for /cgi-bin, which I don't even have.
    Code:
    $ grep -i "cgi-bin" all_access.log | wc -l
    3085
    The "usual" scan for low-hanging fruit.

    Quote:
    Originally Posted by maples
    And does anyone have any idea what's going on with this? Google doesn't seem to like it.
    Code:
    221.194.47.232 - - [17/Aug/2014:13:09:13 -0400] "POST /cgi-bin/php4?2D64+61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 404 492 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
    translates to
    Code:
    allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n
    see also http://www.url-encode-decode.com/

    Good Stuff.
    Thanks!
    Posted Today at 11:41 AM by Habitual
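Added example (not part of the comment above or of the original page): a small Python classifier for the probe types discussed in that comment, which URL-decodes the query string the same way the "translates to" step does. The sample log lines, the documentation IP addresses, the category names and the function names are constructed for illustration. The php-cgi check relies on the CGI convention that a query string with no unencoded "=" is passed to the program as command-line arguments.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Combined Log Format: client, identity, user, [time], "request", status, ...
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def classify(line):
    """Return (client, category, decoded_query) for one access-log line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, _method, target, _status = m.groups()
    path, _, query = target.partition("?")
    decoded = unquote_plus(query)
    low = path.lower()
    # No literal "=" in the raw query means it reaches a CGI binary as argv;
    # decoding to "-d name=value" switches marks a php.ini override attempt.
    if query and "=" not in query and decoded.lstrip().startswith("-"):
        category = "php-cgi-args"
    elif low.startswith(("http://", "https://")):
        category = "proxy-probe"      # absolute URI: open-proxy test
    elif low.startswith("/w00tw00t"):
        category = "scanner-banner"   # scanner announcing itself
    elif low.startswith(("/phpmyadmin", "/pma")):
        category = "phpmyadmin"
    elif "cgi-bin" in low:
        category = "cgi-bin"
    else:
        category = "other"
    return client, category, decoded

def summarise(lines):
    """Count categories across a log, skipping unparseable lines."""
    return Counter(r[1] for r in map(classify, lines) if r)

# Constructed sample lines (documentation IP addresses, shortened payload).
SAMPLE = [
    '192.0.2.10 - - [19/Aug/2014:11:22:41 -0400] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 506 "-" "-"',
    '192.0.2.11 - - [17/Aug/2014:12:29:53 -0400] "GET http://proxy-test.example/hello.html HTTP/1.1" 404 530 "-" "Mozilla/4.0"',
    '192.0.2.12 - - [17/Aug/2014:13:09:13 -0400] "POST /cgi-bin/php4?%2Dd+allow_url_include%3Don+%2Dd+auto_prepend_file%3Dphp%3A%2F%2Finput+%2Dn HTTP/1.1" 404 492 "-" "Mozilla/5.0"',
    '192.0.2.13 - - [18/Aug/2014:09:00:01 -0400] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 480 "-" "-"',
    '192.0.2.14 - - [18/Aug/2014:09:00:05 -0400] "GET /cgi-bin/test.cgi HTTP/1.1" 404 470 "-" "-"',
    '192.0.2.15 - - [18/Aug/2014:09:01:00 -0400] "GET /index.html?page=2 HTTP/1.1" 200 1043 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
```

Run over a real log, `summarise(open("all_access.log"))` gives per-category counts comparable to the `grep | wc -l` figures quoted above, with the php-cgi switch attempts separated from plain /cgi-bin scans.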
  2. Old Comment
    Posted Yesterday at 09:44 AM by exton
  3. Old Comment

    [MYSTERY SOLVED] What does "echo ???????????????" really do?

    It would probably have been more obvious if I hadn't had the impression that it was somehow echoing history entries, for some reason.
    Posted 04-28-2016 at 08:01 AM by the dsc
  4. Old Comment

    How To Make A Menu Entry

    Nice tutorial. Write some more
    Posted 04-26-2016 at 05:15 AM by XenaneX
  5. Old Comment

    Is there any accurate way to rank distros?

    Quote:
    Originally Posted by frankbell
    what rocket357 said
    As I age I feel more and more this way every day =)
    Posted 04-24-2016 at 09:52 PM by rocket357
  6. Old Comment

    Is there any accurate way to rank distros?

    First, great post, because it provokes thought. Thank you.

    In addition to what rocket357 said, there is also this:

    Distros--well, computer OS's--can be used for so many different purposes that I think a single ranking scale is whistling in the wind.

    There are not just server and home use.

    There are business servers, web servers, and file servers. They are all servers, but they serve(r) different purposes and would be evaluated using different criteria. There is also office use (documents and general business), office use (accounting), office use (engineering and design), audio-visual and/or graphic creation and editing, general home use (email, web, some documents, photo editing), and those are just the ones off the top of my head. Each usage would necessitate a different weighting of metrics.

    And, frankly, it's not so much the distro that matters as the application suite, because every distro still has the Linux kernel at its core.

    Distrowatch's method is sort of a popularity poll and doesn't pretend to be anything more. It's meaningless fun, like a carny game.

    Just my two cents.
    Posted 04-24-2016 at 09:08 PM by frankbell
  7. Old Comment

    Is there any accurate way to rank distros?

    If you figure out a way to remove response bias (any bias, honestly) you would likely win some awards and worldwide recognition. I'm going to go out on a limb and say that since no one has solved this one yet, odds are pretty good we'll be dealing with bias for many, many years to come.

    Not to say the ideas presented are without merit, of course =) Your first duty would be to define "ranking" very precisely so you have some hope of achieving a goal instead of floundering about some vague concept of "better".
    Posted 04-24-2016 at 12:13 PM by rocket357
  8. Old Comment

    [MYSTERY SOLVED] What does "echo ???????????????" really do?

    erm,
    I don't know why that didn't "click" earlier.

    Glad it worked out.
    Posted 04-21-2016 at 08:27 PM by Habitual
  9. Old Comment

    [MYSTERY SOLVED] What does "echo ???????????????" really do?

    Code:
    18:07 dsc / $ \echo ????
    boot home proc root sbin
    (Didn't know this inverted dash shorthand for the non-aliased executable, cool)

    Just noticed something similar happens even with printf, with a less "parsed" output (no newlines, as usual), and somewhat different as well:

    Code:
    18:12 dsc / $ printf ????
    boot18:12 dsc / $ 
    18:12 dsc / $ \printf ????
    boot18:12 dsc / $ 
    18:12 dsc / $

    And also with plain bash (I guess):

    Code:
    18:43 dsc / $ bash --norc
    bash-4.3$ echo ????
    boot home proc root sbin
    bash-4.3$

    Eventually I'll boot on Debian to see if it does the same.

    Still on Ubuntu Wily, the mystery-folder/file through "?????" is also present in other commands, such as ls:

    Code:
    18:57 dsc / $ echo ???
    bin dev etc lib mnt opt run smb srv sys tmp usr var
    18:57 dsc / $ ls -1 ???
    bin:
    bash
    bunzip2
    bzcat
    
    [...]
    Posted 04-21-2016 at 04:07 PM by the dsc
    Updated 04-21-2016 at 04:59 PM by the dsc
  10. Old Comment
    Posted 04-21-2016 at 06:09 AM by Habitual
  11. Old Comment

    John 8:12

    I can appreciate honest questions but I'm not wanting to get into a debate here again.

    Take care...
    Posted 04-20-2016 at 12:16 PM by ardvark71
    Updated 04-20-2016 at 11:42 PM by ardvark71 (Correction.)
  12. Old Comment

    John 8:12

    Studies have shown that atheists' and believers' brains use different pathways to process religious thought, typically with believers it is either pathways that regulate fear or are used for language, whereas for atheists and agnostics it tends to be with pathways associated with visual processing.

    Would an all powerful loving God cast me into hell simply because my brain is *literally* wired differently than yours?
    Posted 04-19-2016 at 07:45 PM by rocket357
  13. Old Comment

    John 8:12

    Quote:
    Originally Posted by rocket357
    If I am reading this correctly, would it be right for me to stand on judgement day in front of God and ask God why he didn't convince me?

    Am I missing something?
    But ultimately, at the same time, He's given you the free will to choose Him or not. He can convict you of your need for Him but the choice to agree with Him and receive Him is up to you.

    Take care...
    Posted 04-19-2016 at 06:10 PM by ardvark71
  14. Old Comment

    John 8:12

    Both of those links state that it is God's responsibility for convincing non-believers.

    If I am reading this correctly, would it be right for me to stand on judgement day in front of God and ask God why he didn't convince me?

    It is hard to argue with:

    "that God will convict her of her self-righteousness and her need for Christ"

    and

    "You can’t convince people to enter into that relationship. That is God’s responsibility."

    Am I missing something?
    Posted 04-19-2016 at 04:45 PM by rocket357
  15. Old Comment

    John 8:12

    Quote:
    Originally Posted by rocket357
    How do you, as a Christian, bring atheists (non-believers, in general) to a place where they can see the word of God for what it really is, according to your beliefs?

    (This is an honest question, I'm not trying to derail your blog again).
    Hey, my man!

    I was reading through this blog just now and I saw this question and I apologize that I didn't answer it. I think this was an honest question.

    The short answer to this would be that it's not us that does the "convincing," it's God's. Our job is simply to present the truth of Jesus Christ with others. Here are a couple articles that explain that concept in greater detail, if you'd like to read them...

    http://billygraham.org/answer/how-ca...r-sins-forgiv/

    http://christianity.net.au/questions...le_about_jesus

    Again, I apologize for not answering this earlier.

    Take care...
    Posted 04-19-2016 at 02:32 PM by ardvark71
  16. Old Comment
    Posted 04-15-2016 at 01:05 PM by exton
  17. Old Comment
    Posted 04-14-2016 at 04:13 PM by exton
  18. Old Comment

    RaspEX Build 160402: Now with Kodi (XBMC) Media Center, Bluetooth, Samba, SSH and VNC4Server

    Comment about RaspEX at SourceForge.net 160407

    "I have tried nearly all the operating systems for the Raspberry Pi 2 and 3 some are good some not so good...but head and shoulders the best by a long long way is RaspEX.....I downloaded it last night actually very early in the morning and after wasting time trying to get the networking to work sent the author a help me email. He responded very quickly and after I had reviewed my own stupidity it worked a charm. It is very fast and very familiar if you know the Debian/Ubuntu world. I urge all Raspberry Pi owners to try it you will not be disappointed."

    https://sourceforge.net/projects/raspex/
    Posted 04-08-2016 at 10:35 AM by exton

  



All times are GMT -5. The time now is 02:25 PM.
