LinuxQuestions.org

jpdw 04-18-2013 03:35 PM

A total of 2 possible successful probes were detected
 
Should I be worried about this logwatch log?

A total of 2 sites probed the server
114.251.150.133
87.98.230.80

A total of 2 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):

/horde/util/barcode.php?type=../../../../../../../../../../../var/log/psa-horde.log%00 HTTP Response 200
/horde/util/barcode.php?type=../../../../../../../../../../../var/log/psa-horde/psa-horde.log%00 HTTP Response 200

Requests with error response codes
400 Bad Request
/: 2 Time(s)
/w00tw00t.at.ISC.SANS.DFind:): 2 Time(s)
/w00tw00t.at.ISC.SANS.Win32:): 2 Time(s)
404 Not Found
//wp-login.php: 1 Time(s)
/PMA/main.php: 4 Time(s)
/admin/main.php: 4 Time(s)
/favicon.ico: 4 Time(s)
/horde/services/help/?show=about: 2 Time(s)
/manager/html: 2 Time(s)
/myadmin/main.php: 4 Time(s)
/mysql/main.php: 4 Time(s)
/page9.html: 1 Time(s)
/phpMyAdmin/main.php: 4 Time(s)
/phpmyadmin/main.php: 4 Time(s)
/robots.txt: 13 Time(s)
/sql/main.php: 4 Time(s)
/vtigercrm/graph.php?current_language=../. ... Accounts&action: 1 Time(s)

---------------------- httpd End -------------------------

unSpawn 04-18-2013 04:38 PM

Return code 200 means the request succeeded. And, simply put, log files should be writable by daemons but not readable.
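
An added example, not part of the thread: one way to follow up on the two flagged requests is to pull them out of the raw access log, decode the `type=` value, and list the file each request resolved to together with the status and response size. The log lines, client addresses and byte counts below are constructed, and the Apache combined log format is an assumption.

```python
import posixpath
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample in Apache combined log format: client addresses and byte
# counts are invented; the request paths are the ones in the logwatch report.
SAMPLE_LOG = """\
192.0.2.10 - - [18/Apr/2013:03:12:01 -0500] "GET /horde/util/barcode.php?type=../../../../../../../../../../../var/log/psa-horde.log%00 HTTP/1.1" 200 5120 "-" "-"
192.0.2.10 - - [18/Apr/2013:03:12:02 -0500] "GET /horde/util/barcode.php?type=../../../../../../../../../../../var/log/psa-horde/psa-horde.log%00 HTTP/1.1" 200 48211 "-" "-"
198.51.100.7 - - [18/Apr/2013:04:40:10 -0500] "GET /phpMyAdmin/main.php HTTP/1.1" 404 209 "-" "-"
198.51.100.7 - - [18/Apr/2013:04:40:11 -0500] "GET /robots.txt HTTP/1.1" 404 - "-" "-"
"""

# client, timestamp, method, request target, status, response bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')


def find_traversal_hits(log_text):
    """Return one record per query parameter whose decoded value contains '../'."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, when, _method, target, status, size = m.groups()
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if "../" not in value:
                continue
            # %00 decodes to NUL; the part before it is the path being requested.
            path_part = value.split("\x00", 1)[0]
            hits.append({
                "client": client,
                "time": when,
                "param": name,
                "resolved": posixpath.normpath("/" + path_part),
                "null_byte": "\x00" in value,
                "status": int(status),
                "bytes": None if size == "-" else int(size),
            })
    return hits


if __name__ == "__main__":
    for hit in find_traversal_hits(SAMPLE_LOG):
        flag = "CHECK" if hit["status"] == 200 else "failed"
        print(flag, hit["client"], hit["time"], hit["resolved"], hit["bytes"])
```

For each line marked CHECK, compare the byte count with the size of the resolved file and with what barcode.php returns for an ordinary request, and confirm whether the web server account can read that file at all.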

