Find the answer to your Linux question:
Results 1 to 4 of 4
Hello all... On a SuSe box and trolling the mail logs of Apache 2. One of our biggest hits is something that perplexes me: 24.46.54.144 - - [14/Feb/2006:12:28:59 -0500] "GET ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Feb 2006
    Posts
    1

    Apache hacker?


    Hello all...

    On a SuSe box and trolling the mail logs of Apache 2. One of our biggest hits is something that perplexes me:

    24.46.54.144 - - [14/Feb/2006:12:28:59 -0500] "GET http://5=www.mydomain.net/guestbook/...over/index.php HTTP/1.0" 404 4155 "-" "akp niqfhmf0bjd opgf mddpeayotavpaotq"
    24.46.54.144 - - [14/Feb/2006:12:28:59 -0500] "GET http://5=www.mydomain.net/guestbook/...ches/index.php HTTP/1.0" 200 9259 "-" "yoyhMdgsytimtdyqfhlsspfqss"
    24.46.54.144 - - [14/Feb/2006:12:28:59 -0500] "GET http://5=www.mydomain.net/guestbook/...live/index.php HTTP/1.0" 200 10075 "-" "qpsf4lbuetpy4xtxsxbixfuOiofg"
    24.46.54.144 - - [14/Feb/2006:12:29:00 -0500] "GET http://5=www.mydomain.net/guestbook/...../-/index.php HTTP/1.0" 404 4155 "-" "xqlsut7hrmihpbw uesoawvpfmm"

    What exactly is this IP trying to do? It hasnt reappeared since the 14th, but I would like to at least know what's going on. As you can see the path it's trying changes constantly as well as the referrer, which is gibberish. Anyone ever seen this?

  2. #2
    Linux User
    Join Date
    Apr 2005
    Location
    Ohio
    Posts
    326
    It's probably a script or worm looking for a php page it can exploit...

    for instance..
    http://www.theregister.co.uk/2006/02/20/linux_worm/
    far...out

  3. #3
    Just Joined!
    Join Date
    Mar 2006
    Posts
    16

    Can u help me please.

    Haiii, when i had seen ur post i was much interested on whats happening. I dont understand where u had seen messages whether in log files. I dont have any problem currently but i was interested to know so that i can check it out. since we are having an web server and i have to maintain its security.
    Please help me and even post what u had done to come out of it.

  4. #4
    Linux User muha's Avatar
    Join Date
    Jan 2006
    Posts
    290
    @kiran ky: i don't understand what you are asking but ...
    To check your errorlog try (as root):
    Code:
    httpd2 -V
    This shows you where the errorlog is located. Also i think ejdbroker was posting bits from the accesslog.
    On my machine the errorlog and accesslog are in the same folder: /var/log/apache2/

    @kiran ky: can you put your distribution in your profile (in this forum) so we can see what you are using, thanks
    Now what? You have Linux installed and running. The GUI is working fine, but you are getting tired of changing your desktop themes. You keep seeing this "terminal" thing. Don't worry, they'll show you what to do @
    <~ http://www.linuxcommand.org/ ~>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •