PHP Developers Network
http://forums.devnetwork.net/

I see some strange log activity...
http://forums.devnetwork.net/viewtopic.php?f=34&t=137442

Author:  sepoto [ Wed Feb 20, 2013 8:04 pm ]
Post subject:  I see some strange log activity...


Author:  Benjamin [ Wed Feb 20, 2013 8:17 pm ]
Post subject:  Re: I see some strange log activity...

Sure, but those files don't exist so in this case a 404 error was sent.

Author:  sepoto [ Wed Feb 20, 2013 8:22 pm ]
Post subject:  Re: I see some strange log activity...

Thanks... I'll bear that in mind the next time I see something like those entries.

Author:  requinix [ Wed Feb 20, 2013 9:12 pm ]
Post subject:  Re: I see some strange log activity...

Google. First one is tied to a remote command execution exploit in a spam filtering product, second is apparently scanned by the Morfeus bot and "often associated with Drupal".

Author:  mecha_godzilla [ Thu Feb 21, 2013 8:46 pm ]
Post subject:  Re: I see some strange log activity...

Hi,

If you're using a Un*x server then it would be a good idea to install logwatch or something similar if you have the necessary privileges and want to keep an eye on what's going on - in most cases these HTTP requests will just give 404 responses (as requinix has suggested) because some script kiddie is running them and doesn't understand that the exploits included in a five-year-old Perl script they found on the 'Net yesterday might not work in 2013. If it becomes a *real* problem then you can always create some iptables rules - I was getting hundreds of "/w00tw00t"-style requests every day at one point so I added a rule that does nothing for 60 seconds and then drops the request. Remember, you can't stop people from trying to access your server but you can at least slow them down and make life difficult for them.

You should also make sure that any 3rd party applications you're currently running are up-to-date, because automated exploits can still be effective in this context - there are thousands of sites out there that run ancient versions of Joomla!/osCommerce/Actinic because the site owner doesn't have the money or inclination to pay a developer to update the software for them, which in itself is a fairly arduous task with some software.

If you haven't already done so and have a Un*x server, make sure you also have denyhosts installed.

That (unpaid-for) infomercial was brought to you today by logwatch, iptables and denyhosts, and also by the letters "P", "H", and "P"... :mrgreen:

HTH,

Mecha Godzilla
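
The kind of log review discussed in this thread, as an added example that is not part of any post above: a small Python script that reads access-log lines in the Apache "combined" format and lists clients whose requests are almost all 404s across several different paths. The sample lines, the function names and the thresholds (`min_404`, `min_ratio`) are constructed assumptions, not values from the thread.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [20/Feb/2013:19:58:01 -0500] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 404 210 "-" "-"
192.0.2.10 - - [20/Feb/2013:19:58:02 -0500] "GET /old-app/setup.php HTTP/1.1" 404 208 "-" "-"
192.0.2.10 - - [20/Feb/2013:19:58:03 -0500] "GET /missing/admin.cgi HTTP/1.1" 404 212 "-" "-"
198.51.100.7 - - [20/Feb/2013:20:01:11 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Feb/2013:20:01:12 -0500] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.5 - - [20/Feb/2013:20:05:40 -0500] "POST /login.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
not a log line
"""


def summarize_404s(log_text):
    """Per client IP: total requests, 404 count, and the set of paths that 404'd."""
    stats = defaultdict(lambda: {"hits": 0, "not_found": 0, "paths": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing on them
        entry = stats[m["ip"]]
        entry["hits"] += 1
        if m["status"] == "404":
            entry["not_found"] += 1
            entry["paths"].add(m["path"])
    return dict(stats)


def likely_scanners(stats, min_404=3, min_ratio=0.8):
    """Clients with >= min_404 distinct 404 paths and a 404 share >= min_ratio."""
    return sorted(
        ip for ip, s in stats.items()
        if len(s["paths"]) >= min_404 and s["not_found"] / s["hits"] >= min_ratio
    )


if __name__ == "__main__":
    stats = summarize_404s(SAMPLE_LOG)
    for ip in likely_scanners(stats):
        print(ip, stats[ip]["not_found"], sorted(stats[ip]["paths"]))
```

A single 404 from an ordinary visitor (the `/favicon.ico` line) stays below both thresholds, so only the client probing several nonexistent paths is reported.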

All times are UTC - 5 hours