A total of 2 possible successful probes were detected
Should i be worried about this logwatch Log?
A total of 2 sites probed the server 114.251.150.133 87.98.230.80 A total of 2 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit): /horde/util/barcode.php?type=../../../../../../../../../../../var/log/psa-horde.log%00 HTTP Response 200 /horde/util/barcode.php?type=../../../../../../../../../../../var/log/psa-horde/psa-horde.log%00 HTTP Response 200 Requests with error response codes 400 Bad Request /: 2 Time(s) /w00tw00t.at.ISC.SANS.DFind:): 2 Time(s) /w00tw00t.at.ISC.SANS.Win32:): 2 Time(s) 404 Not Found //wp-login.php: 1 Time(s) /PMA/main.php: 4 Time(s) /admin/main.php: 4 Time(s) /favicon.ico: 4 Time(s) /horde/services/help/?show=about: 2 Time(s) /manager/html: 2 Time(s) /myadmin/main.php: 4 Time(s) /mysql/main.php: 4 Time(s) /page9.html: 1 Time(s) /phpMyAdmin/main.php: 4 Time(s) /phpmyadmin/main.php: 4 Time(s) /robots.txt: 13 Time(s) /sql/main.php: 4 Time(s) /vtigercrm/graph.php?current_language=../. ... Accounts&action: 1 Time(s) ---------------------- httpd End ------------------------- |
Return code 200 means the request succeeded. And simply put log files should be writable by daemons but not readable.
|
All times are GMT -5. The time now is 11:04 AM. |