httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Knute Johnson <>
Subject Re: [users@httpd] Hack?
Date Wed, 14 Dec 2011 03:33:21 GMT
On 12/13/2011 7:12 PM, Yehuda Katz wrote:
> On Tue, Dec 13, 2011 at 9:50 PM, Knute Johnson <
> <>> wrote:
>     This showed up in my log today on a Ubuntu server with Apache 2.2.17.
>     A total of 3 possible successful probes were detected (the following
>     URLs
>       contain strings that match one or more of a listing of strings that
>       indicate a possible exploit):
>         /?file=../../../../../../proc/__self/environ%00 HTTP Response 200
>         /?mod=../../../../../../proc/__self/environ%00 HTTP Response 200
>         /?page=../../../../../../proc/__self/environ%00 HTTP Response 200
>     This can't actually return any data can it?
> It should not return any data from Apache itself.
> It will do something if you have an application set up that chooses what
> file to display based on the query string.
> - Y

Thanks.  Is there some kind of application that stores data at these 
locations normally?  Some days I get hundreds of peculiar looking failed 
requests that I thought might be attacking some program that interfaces 
with apache.

Lately I've been getting a bunch of requests for null files, hundreds of 

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message