Posted to users@httpd.apache.org by Chandran Manikandan <te...@gmail.com> on 2013/12/31 05:18:32 UTC
[users@httpd] How to fix this issue for httpd service
Dear All,
I had logwatch running and the message below is showing. Is this someone
hacking the server? How do I fix this issue? Could anyone help me with this issue?
--------------------- httpd Begin ------------------------

A total of 6 sites probed the server
   151.217.100.54
   198.20.69.74
   198.20.70.114
   54.194.171.185
   54.205.176.247
   71.207.186.58

Requests with error response codes
   401 Unauthorized
      /admin-toaster: 1 Time(s)
      /admin-toaster/: 1 Time(s)
      /mail/vqadmin/toaster.vqadmin: 1 Time(s)
   404 Not Found
      //phppath/php: 2 Time(s)
      /HNAP1/: 2 Time(s)
      /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F ... 76%3D%30+%2D%6E: 8 Time(s)
      /cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F ... 76%3D%30+%2D%6E: 8 Time(s)
      /cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75 ... 76%3D%30+%2D%6E: 8 Time(s)
      /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75 ... 76%3D%30+%2D%6E: 8 Time(s)
      /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75% ... 76%3D%30+%2D%6E: 8 Time(s)
      /daily-18303.cdiff: 1 Time(s)
      /daily-18304.cdiff: 1 Time(s)
      /daily-18305.cdiff: 1 Time(s)
      /daily.cvd: 12 Time(s)
      /favicon.ico: 7 Time(s)
      /manager/html: 2 Time(s)
      /robots.txt: 9 Time(s)
      /wordpress/wp-admin/: 1 Time(s)
      /wp-admin/: 2 Time(s)
   405 Method Not Allowed
      /bkup: 2 Time(s)
   500 Internal Server Error
      /: 6 Time(s)
      /qmailadmin/: 1 Time(s)
   501 Not Implemented
      null: 10 Time(s)

---------------------- httpd End -------------------------
--
*Thanks,*
*Manikandan.C*
*System Administrator*
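
A triage sketch for a logwatch httpd section like the one posted above, added here as an example and not part of the original thread. It parses the error-code section, URL-decodes the query strings, and separates 404s (the probed path is absent) from responses that merit a look in the full access log; the sample report is a constructed subset of the posted output and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample: a subset of the report above ("..." is logwatch's own elision).
REPORT = """\
401 Unauthorized
/admin-toaster: 1 Time(s)
404 Not Found
/HNAP1/: 2 Time(s)
/cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F ... 76%3D%30+%2D%6E: 8 Time(s)
/daily.cvd: 12 Time(s)
/wp-admin/: 2 Time(s)
500 Internal Server Error
/: 6 Time(s)
/qmailadmin/: 1 Time(s)
"""
STATUS = re.compile(r"^(\d{3}) [A-Z]")          # e.g. "404 Not Found"
ENTRY = re.compile(r"^(.*): (\d+) Time\(s\)$")  # e.g. "/wp-admin/: 2 Time(s)"

def parse(report):
    """Return [(status, path, count)] from a logwatch error-code section."""
    rows, status = [], None
    for line in map(str.strip, report.splitlines()):
        if m := STATUS.match(line):
            status = int(m.group(1))
        elif status is not None and (m := ENTRY.match(line)):
            rows.append((status, m.group(1), int(m.group(2))))
    return rows

def triage(rows):
    """Split rows into (noise, review) lists of (status, path, query, count)."""
    noise, review = [], []
    for status, path, count in rows:
        base, _, query = path.partition("?")
        item = (status, base, unquote_plus(query), count)
        # 404: the probed path does not exist on this server. Any other code
        # means the server acted on the request, so check the full access log.
        (noise if status == 404 else review).append(item)
    return noise, review

def is_switch_style(query):  # decoded query begins like a command-line option
    return query.startswith("-")

if __name__ == "__main__":
    noise, review = triage(parse(REPORT))
    for status, base, query, count in review + noise:
        tag = "noise " if status == 404 else "REVIEW"
        flag = " [option-style query]" if is_switch_style(query) else ""
        print(f"{tag} {status} x{count} {base} {query}{flag}")
```

On the posted report this leaves the 401, 405, 500 and 501 entries for follow-up, while the 404 probes for software that is not installed fall into the noise bucket.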
Re: [users@httpd] How to fix this issue for httpd service
Posted by Lester Caine <le...@lsces.co.uk>.
Chandran Manikandan wrote:
> Hi Lester,
> Yes, I am blocking those IPs via iptables. Is there any permanent solution?
You are missing the point ... these guys will be moving around weekly so what
worked last week will be different next week. It's just an irritation we live
with rather than something there will ever be a permanent solution for :(
Best we can do is just irritate them back by feeding useless material so they
get fed up trying.
> Chandran Manikandan wrote:
>
> Dear All,
> I had logwatch running and the message below is showing. Is this someone
> hacking the server? How do I fix this issue? Could anyone help me with this issue?
>
> Chandran
>
> What do you think needs fixing?
>
> We all get hackers trying to find out what software we are running and I
> regularly see reams of entries trying every combination of MySQL possible
> web software URL's ... which makes me chuckle since I never run it on
> production machines. In the past I used to spend time blocking persistent
> hackers using the same IP address a lot, but nowadays I've resorted to
> simply forwarding a few key URL's back to Google. Anything with mysql in the
> URL returns a google lookup of the IP address for instance :) But I've even
> got that switched off at the moment and am not seeing much 'suspect' traffic.
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] How to fix this issue for httpd service
Posted by Chandran Manikandan <te...@gmail.com>.
Hi Lester,
Yes, I am blocking those IPs via iptables. Is there any permanent solution?
On Tue, Dec 31, 2013 at 8:55 PM, Lester Caine <le...@lsces.co.uk> wrote:
> Chandran Manikandan wrote:
>
>> Dear All,
>> I had logwatch running and the message below is showing. Is this someone
>> hacking the server? How do I fix this issue? Could anyone help me with this issue?
>>
>
> Chandran
>
> What do you think needs fixing?
>
> We all get hackers trying to find out what software we are running and I
> regularly see reams of entries trying every combination of MySQL possible
> web software URL's ... which makes me chuckle since I never run it on
> production machines. In the past I used to spend time blocking persistent
> hackers using the same IP address a lot, but nowadays I've resorted to
> simply forwarding a few key URL's back to Google. Anything with mysql in
> the URL returns a google lookup of the IP address for instance :) But I've
> even got that switched off at the moment and am not seeing much 'suspect'
> traffic.
>
> --
> Lester Caine - G8HFL
> -----------------------------
> Contact - http://lsces.co.uk/wiki/?page=contact
> L.S.Caine Electronic Services - http://lsces.co.uk
> EnquirySolve - http://enquirysolve.com/
> Model Engineers Digital Workshop - http://medw.co.uk
> Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
>
--
*Thanks,*
*Manikandan.C*
*System Administrator*
Re: [users@httpd] How to fix this issue for httpd service
Posted by Lester Caine <le...@lsces.co.uk>.
Chandran Manikandan wrote:
> Dear All,
> I had logwatch running and the message below is showing. Is this someone hacking
> the server? How do I fix this issue? Could anyone help me with this issue?
Chandran
What do you think needs fixing?
We all get hackers trying to find out what software we are running and I
regularly see reams of entries trying every combination of MySQL possible web
software URL's ... which makes me chuckle since I never run it on production
machines. In the past I used to spend time blocking persistent hackers using the
same IP address a lot, but nowadays I've resorted to simply forwarding a few key
URL's back to Google. Anything with mysql in the URL returns a google lookup of
the IP address for instance :) But I've even got that switched off at the moment
and am not seeing much 'suspect' traffic.
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
Re: [users@httpd] How to fix this issue for httpd service
Posted by Fred Miller <fj...@gmail.com>.
Please take me off this email list. I've already unsubscribed.
On Mon, Dec 30, 2013 at 11:18 PM, Chandran Manikandan
<te...@gmail.com> wrote:
> Dear All,
> I had logwatch running and the message below is showing. Is this someone
> hacking the server? How do I fix this issue? Could anyone help me with this issue?
> --
> *Thanks,*
> *Manikandan.C*
> *System Administrator*
>