httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nigel Peck - MIS Web Design" <ni...@miswebdesign.com>
Subject RE: [users@httpd] "sumthin" attack?
Date Sat, 29 Mar 2003 12:23:12 GMT
Sumthin here about sumthin too:
http://lists.jammed.com/incidents/2002/10/0157.html

Get about 1 request a day here for it.

Cheers,
Nigel

MIS Web Design
http://www.miswebdesign.com/


> -----Original Message-----
> From: David Tonhofer [mailto:d.tonhofer@m-plify.com]
> Sent: 29 March 2003 09:30
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] "sumthin" attack?
>
>
> Yeah I have had it too for a few months. Possibly something to
> worry about,
> possibly not...there's lots of nosy & noisy things out there.
>
> Setting up:
>
>   "Redirect gone /sumthin"
>
> in httpd.conf takes care of that, at least of the entries in the logfile.
>
> Some other proposals about what to do with spooky stuff:
>
>   http://marc.theaimsgroup.com/?l=apache-httpd-users&m=103903340927032&w=2
>   http://marc.theaimsgroup.com/?l=apache-httpd-users&m=103902402113880&w=2
>   http://marc.theaimsgroup.com/?l=apache-httpd-users&m=103901845706383&w=2
>
> Looking further, I found a discussion on scurityfocus about the /sumthin
> attack:
>
> http://www.securityfocus.com/archive/75/309924
> http://www.securityfocus.com/archive/75/309841
> http://www.securityfocus.com/archive/75/313348
> http://www.securityfocus.com/archive/75/313283   <-- source code O_o
> http://www.securityfocus.com/archive/75/313323
>
> ...looks like it's a version scanner that checks for exploitable
> Apache 1.3
> installations? I will leave further investigations to the people who
> are interested in that, I wanted to go out and do the shopping this
> morning,
> OMG...
>
> Best regards,
>
> 	-- David
>
>
>
>
> --On Friday, March 28, 2003 7:45 PM -0600 Lewis Watson <lists@visionsix.c
> >
> > Looks like I have sumthin/ in my logs too. Thats pretty freaky. I have
> > noticed it for a couple of months now. It returns a 404 error...
> > Lewis
> >
> >
> >
> > ---------------------------------------------------------------------
> > The official User-To-User support forum of the Apache HTTP
> Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for more info.
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> >    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> >
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message