Posted to users@httpd.apache.org by Chandran Manikandan <te...@gmail.com> on 2013/12/31 05:18:32 UTC

[users@httpd] How to fix this issue for httpd service

Dear All,
I ran logwatch and the message below is showing. Is this someone
hacking the server? How do I fix this issue? Could anyone help me with this issue?

 --------------------- httpd Begin ------------------------

 A total of 6 sites probed the server
    151.217.100.54
    198.20.69.74
    198.20.70.114
    54.194.171.185
    54.205.176.247
    71.207.186.58

 Requests with error response codes
    401 Unauthorized
       /admin-toaster: 1 Time(s)
       /admin-toaster/: 1 Time(s)
       /mail/vqadmin/toaster.vqadmin: 1 Time(s)
    404 Not Found
       //phppath/php: 2 Time(s)
       /HNAP1/: 2 Time(s)
       /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F ... 76%3D%30+%2D%6E: 8 Time(s)
       /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F ... 76%3D%30+%2D%6E: 8 Time(s)
       /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75 ... 76%3D%30+%2D%6E: 8 Time(s)
       /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75 ... 76%3D%30+%2D%6E: 8 Time(s)
       /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75% ... 76%3D%30+%2D%6E: 8 Time(s)
       /daily-18303.cdiff: 1 Time(s)
       /daily-18304.cdiff: 1 Time(s)
       /daily-18305.cdiff: 1 Time(s)
       /daily.cvd: 12 Time(s)
       /favicon.ico: 7 Time(s)
       /manager/html: 2 Time(s)
       /robots.txt: 9 Time(s)
       /wordpress/wp-admin/: 1 Time(s)
       /wp-admin/: 2 Time(s)
    405 Method Not Allowed
       /bkup: 2 Time(s)
    500 Internal Server Error
       /: 6 Time(s)
       /qmailadmin/: 1 Time(s)
    501 Not Implemented
       null: 10 Time(s)

 ---------------------- httpd End -------------------------

-- 
*Thanks,*
*Manikandan.C*
*System Administrator*

Re: [users@httpd] How to fix this issue for httpd service

Posted by Lester Caine <le...@lsces.co.uk>.
Chandran Manikandan wrote:
> Hi Lester,
> Yes, I am blocking those IPs via iptables. Is there any permanent solution?

You are missing the point ... these guys will be moving around weekly so what 
worked last week will be different next week. It's just an irritation we live 
with rather than something there will ever be a permanent solution for :(

Best we can do is just irritate them back by feeding useless material so they 
get fed up trying.


-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Re: [users@httpd] How to fix this issue for httpd service

Posted by Chandran Manikandan <te...@gmail.com>.
Hi Lester,
Yes, I am blocking those IPs via iptables. Is there any permanent
solution?



-- 
*Thanks,*
*Manikandan.C*
*System Administrator*

Re: [users@httpd] How to fix this issue for httpd service

Posted by Lester Caine <le...@lsces.co.uk>.
Chandran Manikandan wrote:
> Dear All,
> I ran logwatch and the message below is showing. Is this someone hacking
> the server? How do I fix this issue? Could anyone help me with this issue?

Chandran

What do you think needs fixing?

We all get hackers trying to find out what software we are running and I 
regularly see reams of entries trying every combination of MySQL possible web 
software URLs ... which makes me chuckle since I never run it on production 
machines. In the past I used to spend time blocking persistent hackers using the 
same IP address a lot, but nowadays I've resorted to simply forwarding a few key 
URLs back to Google. Anything with mysql in the URL returns a Google lookup of 
the IP address for instance :) But I've even got that switched off at the moment 
and am not seeing much 'suspect' traffic.

-- 
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
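
Added example (not part of any poster's message): a small Python triage of a logwatch httpd section like the one in this thread. It percent-decodes the probed URLs and sorts entries by what the status code implies; the sample report, the function names and the action wording are constructed for illustration, and wrapped "Time(s)" lines are assumed to have been rejoined first.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample in the shape of the logwatch "httpd" section quoted in this thread.
SAMPLE = """\
 Requests with error response codes
    401 Unauthorized
       /admin-toaster/: 1 Time(s)
    404 Not Found
       /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75 ... 76%3D%30+%2D%6E: 8 Time(s)
       /HNAP1/: 2 Time(s)
    405 Method Not Allowed
       /bkup: 2 Time(s)
    500 Internal Server Error
       /: 6 Time(s)
"""

STATUS = re.compile(r"^\s+(\d{3}) [A-Z]")                  # "    404 Not Found"
ENTRY = re.compile(r"^\s+(\S.*): (\d+)\s+Time\(s\)\s*$")   # "       /path: 2 Time(s)"

def action_for(status):
    """Map an HTTP status to what an administrator should do about it."""
    if status == 404:
        return "ignore: nothing is served at that path"
    if status in (401, 403):
        return "review: path is access-controlled, check who may reach it"
    if status in (405, 501):
        return "ignore: the request method was rejected"
    if status >= 500:
        return "investigate: server-side failure, read the error log"
    return "review"

def triage(report):
    """Return (status, decoded_url, count, action, option_probe) per entry."""
    status, rows = None, []
    for line in report.splitlines():
        m = STATUS.match(line)
        if m:
            status = int(m.group(1))
            continue
        m = ENTRY.match(line)
        if m and status is not None:
            url = unquote_plus(m.group(1))   # %2D%64+%61... -> "-d a..."
            # A query string that decodes to "-x ..." is shaped like
            # command-line options rather than key=value parameters.
            option_probe = "?" in url and url.split("?", 1)[1].startswith("-")
            rows.append((status, url, int(m.group(2)), action_for(status), option_probe))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```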



Re: [users@httpd] How to fix this issue for httpd service

Posted by Fred Miller <fj...@gmail.com>.
Please take me off this email list. I've already unsubscribed.

