You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2007/11/09 03:28:04 UTC
[Fwd: Re: HTML request accesses my router]
/ignore - sorry for the noise.
-------- Original Message --------
Subject: Re: HTML request accesses my router
Date: Thu, 08 Nov 2007 19:17:59 -0500
From: Eric Maurier <er...@ross-tech.com>
Organization: Ross-Tech.com
To: Apache Security Response Team <se...@apache.org>
CC: Uwe Ross <Uw...@Ross-Tech.com>
References: <Pi...@pingu.awe.com>
Mark,
turns out it was not Apache (problem still appeared with the service
disabled), but rather the router that opens its login screen when you
type the name or WAN IP of the local machine inside a browser, even
without requesting a page :-)
So "update.ross-tech.com" and
"update.ross-tech.com/?U=AVCD2&A=files&K=MyBqLMOX1oyrxXuZyncTHOhIl971hpusExNuqkz1vkCJajE+TcQq4d+s1gA="
would trigger the "problem" but not "127.0.0.1" or
"127.0.0.1/?U=AVCD2&A=files&K=MyBqLMOX1oyrxXuZyncTHOhIl971hpusExNuqkz1vkCJajE+TcQq4d+s1gA="
, both regardless of apache running.
We verified that this somewhat harmless problem happens with our update
server that's on a Linksys as well as our main desktops that run off a
Netgear; in any case, not an Apache problem, sorry for having wasted
your time :-)
Best,
Eric
Apache Security Response Team wrote:
> Dear Eric Maurier:
>
> I've not seen this before, although a google search of "AVCD2 files" does
> find some similar looking urls.
>
> Does the request get logged on your server even if you access it locally
> (and end up at your router auth screen)? You could narrow this down a bit
> by turning off your server and seeing if you get the same result (in which
> case it's perhaps possible some trojan on your system is redirecting the
> request. If it still looks like Apache, try removing or disabling
> modules. Let us know if you figure this out in the event we get other
> similar reports.
>
> Thank you, Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: security-unsubscribe@apache.org
For additional commands, e-mail: security-help@apache.org
Re: [Fwd: Re: HTML request accesses my router]
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Eric,
once a year, forwarding notices from security@apache to security@httpd.apache
I completely screw up and let autocomplete pick up dev@ - I'm sorry this just
occurred and want to be certain you are aware ASAP!
Fortunately it does seem to be a local access junction, most router hardware
will let you configure it to be public or private (not recognizing the big bad
web of external IP's and it certainly appears that this was the case for you.
Cute page. I hope you'll forgive my fat fingers, I'm not nearly as quick to
click send (or dismiss) reports when they appear to impact our software.
Bill