httpd-users mailing list archives

From Knute Johnson <apa...@knutejohnson.com>
Subject Re: [users@httpd] Hack?
Date Wed, 14 Dec 2011 03:33:21 GMT
On 12/13/2011 7:12 PM, Yehuda Katz wrote:
> On Tue, Dec 13, 2011 at 9:50 PM, Knute Johnson <apache@knutejohnson.com
> <mailto:apache@knutejohnson.com>> wrote:
>
>     This showed up in my log today on an Ubuntu server with Apache 2.2.17.
>
>     A total of 3 possible successful probes were detected (the following
>     URLs
>       contain strings that match one or more of a listing of strings that
>       indicate a possible exploit):
>
>         /?file=../../../../../../proc/__self/environ%00 HTTP Response 200
>         /?mod=../../../../../../proc/__self/environ%00 HTTP Response 200
>         /?page=../../../../../../proc/__self/environ%00 HTTP Response 200
>
>     This can't actually return any data can it?
>
>
> It should not return any data from Apache itself.
> It will do something if you have an application set up that chooses what
> file to display based on the query string.
>
> - Y

Thanks.  Is there some kind of application that stores data at these
locations normally?  Some days I get hundreds of peculiar-looking failed
requests that I thought might be attacking some program that interfaces
with Apache.

Lately I've been getting a bunch of requests for null files, hundreds of 
them.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
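
Added example, not part of the original message or of Apache: a small triage script for the kind of probes reported above, which checks whether a 200 response to a traversal-style query string is just the normal page (parameter ignored) or something that differs and needs a look. The log lines are constructed, `/show.php` and `/missing.php` are hypothetical paths, and comparing body sizes is an assumed heuristic.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (not from the original post). The first two probe
# URLs are the ones quoted in the message; /show.php is a hypothetical script.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Dec/2011:10:00:01 +0000] "GET / HTTP/1.1" 200 1776
203.0.113.5 - - [13/Dec/2011:10:00:07 +0000] "GET /show.php HTTP/1.1" 200 5120
198.51.100.9 - - [13/Dec/2011:10:02:11 +0000] "GET /?file=../../../../../../proc/__self/environ%00 HTTP/1.1" 200 1776
198.51.100.9 - - [13/Dec/2011:10:02:12 +0000] "GET /?mod=../../../../../../proc/__self/environ%00 HTTP/1.1" 200 1776
198.51.100.9 - - [13/Dec/2011:10:02:13 +0000] "GET /show.php?page=../../../../../../proc/__self/environ%00 HTTP/1.1" 200 2290
198.51.100.9 - - [13/Dec/2011:10:02:14 +0000] "GET /missing.php?page=../../../../../../proc/__self/environ%00 HTTP/1.1" 404 310
"""

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3}) (\d+|-)')

def suspicious_params(query):
    """Names of query parameters whose decoded value has ../ or a NUL byte."""
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if "../" in value or "..\\" in value or "\x00" in value]

def triage(log_text):
    """Return (url_path, param, status, verdict) for each traversal-style probe."""
    entries = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            url = urlsplit(m.group(1))
            size = int(m.group(3)) if m.group(3).isdigit() else 0
            entries.append((url.path, url.query, int(m.group(2)), size))
    # Baseline: body size of a successful request for the same path with no query.
    baseline = {p: size for p, q, status, size in entries if not q and status == 200}
    findings = []
    for path, query, status, size in entries:
        for param in suspicious_params(query):
            if status != 200:
                verdict = "rejected"
            elif baseline.get(path) == size:
                verdict = "ignored"      # same bytes as the plain page
            else:
                verdict = "investigate"  # 200 with a different (or unknown) body
            findings.append((path, param, status, verdict))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding)
```

Pages whose size varies between requests will land in "investigate" even when the parameter is ignored, so treat that verdict as a prompt to review the script handling the request rather than as proof of disclosure.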