Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 07-29-2005, 03:52 PM   #1
LQ Newbie
Registered: Mar 2005
Location: Denmark
Distribution: Fedora Core 4 64bit
Posts: 22

Rep: Reputation: 15
Question What's this in LogWatch: "!!!! 1 possible successful probes" ?

Today I saw this in my LogWatch:
--------------------- httpd Begin ------------------------ 
 A total of 1 sites probed the server
 !!!! 1 possible successful probes 
    null HTTP Response 200 
 Requests with error response codes
    403 Forbidden
       /: 1 Time(s)
       http://XXX.XXX.XXX.XXX/awstats/ 1 Time(s)
    404 Not Found
       /favicon.ico: 28 Time(s)
       /phpBB/index.php: 1 Time(s)
       /phpBB2/index.php: 1 Time(s)
       http://XXX.XXX.XXX.XXX/cgi-bin/ 1 Time(s)
       http://XXX.XXX.XXX.XXX/cgi-bin/awstats/ 1 Time(s)
       http://XXX.XXX.XXX.XXX/cgi-bin/cgi-bin/ 1 Time(s)
       http://XXX.XXX.XXX.XXX/cgi/ 1 Time(s)
       http://XXX.XXX.XXX.XXX/cgi/awstats/ 1 Time(s)
       http://XXX.XXX.XXX.XXX/cgibin/ 1 Time(s)
       http://XXX.XXX.XXX.XXX/cgibin/awstats/ 1 Time(s)
       http://XXX.XXX.XXX.XXX/logs/ 1 Time(s)
       http://XXX.XXX.XXX.XXX/scripts/ 1 Time(s)
       http://XXX.XXX.XXX.XXX/stat/ 1 Time(s)
       http://XXX.XXX.XXX.XXX/stats/ 1 Time(s)
 ---------------------- httpd End -------------------------
It's obviously someone trying to access phpBB and awstats on my server (probing for flawed versions, I guess). I do have awstats on my server, but access is restricted to a few specific IPs (in httpd.conf) so this guy wouldn't get access even if he knew the excact url...

Is this anything to worry about?
It just looks a bit dangerous with all those exclamation points
Old 07-29-2005, 11:23 PM   #2
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
I've been seeing this scan over the last few months from some type of malware (either a scanner or a worm) that tries to exploit webservers with vulnerable versions of phpBB and awstats. Both have had several significant security holes recently, so make sure your versions are up to date. The only probe that received a successfull status code was the null probe which should normally get a successfull response (usually your index.html is served).


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Reboot after "BIOS Data Check Successful" using 2.6 kernel tvynr Linux - Software 2 10-05-2005 01:28 PM
"Successful install" results in "Boot device not found" slackr007 Fedora 2 06-21-2005 05:05 PM
"Successful install" results in "Boot device not found" slackr007 Linux - Newbie 2 05-31-2005 09:02 PM
How to stop the redhat sending me e-mail called "LogWatch" automatically? chuanweizuo Red Hat 2 03-08-2005 10:19 AM
System stalls after "Bios data check successful" crash3k Mandriva 6 02-08-2005 09:10 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:26 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration