LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-06-2005, 04:29 AM   #1
dominant
Member
 
Registered: Jan 2004
Posts: 409

Rep: Reputation: 30
httpd weird logs


Hi to all

I checked the error_log of the apache (apache-1.3.28-77)
and i noticed the following

Code:
gunzip: stdout: Broken pipe

gunzip: stdout: Broken pipe

gunzip: stdout: Broken pipe
Do you know what does this mean?
 
Old 02-07-2005, 09:53 AM   #2
dominant
Member
 
Registered: Jan 2004
Posts: 409

Original Poster
Rep: Reputation: 30
any ideas?
 
Old 02-07-2005, 11:17 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
My first thoughts were that it might be a failed part of an exploit or at least someone remotely using apache to upload and unpack a file. However, there aren't any known public vulnerabilities with that Apache version that would allow remote arbitrary code execution under normal circumstances, though your Apache version is old vulnerable to several local exploits and should be upgraded to a more recent version. Of course that doesn't rule out a 0-day Apache exploit.

The other possibility would be something got borked during a logrotate session or an Apache restart (some of the config and modules are compressed), so you might want to take a look at the times of those errors and compare them to your http log rotation schedule or to any Apache restarts.

Last edited by Capt_Caveman; 02-07-2005 at 11:19 PM.
 
Old 02-08-2005, 05:42 AM   #4
dominant
Member
 
Registered: Jan 2004
Posts: 409

Original Poster
Rep: Reputation: 30
Hello.

I have patched the apache with the latest patch that Suse issued (apache-1.3.28-77). (is apache still vulnerable???)

The errors have nothing to do with log rotation.
These errors should be reported to the /var/log/messages then.(if i am right)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
are these logs weird? simcox1 Linux - Security 6 11-29-2005 01:22 PM
httpd logs - what to do? cambie Linux - Software 4 10-29-2004 10:15 PM
Webalizer -c /etc/config1.conf Returns /etc/httpd/logs MadTurki Linux - General 1 03-31-2004 08:33 AM
Weird Logs: Am I being hacked? KingofBLASH Linux - Security 1 09-29-2003 02:38 PM
Weird Logs: Am I being hacked? KingofBLASH Slackware 2 09-29-2003 01:31 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:34 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration