httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wim Lewis <w...@omnigroup.com>
Subject Re: [users@httpd] am i hacked ?
Date Mon, 06 Feb 2017 22:05:28 GMT

On 2/6/2017 8:36 AM, Jack Swan wrote:
> What upsets me is that these two requests have statuscode 200, which mean it was successfull.

As Jonesy points out, it's normal for the web server to simply ignore a request's query-string
in a request where it wouldn't mean anything. So Apache is happily returning the result of
"GET /" and ignoring the malicious probe.

If you don't have PHP installed, you're safe from whatever this is. If the user your webserver
runs as can't write to the documentroot or configuration directory, you're safe from whatever
this is. 



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message