[Wylug-help] logwatch
Roger
roger at roger-beaumont.co.uk
Mon Jun 28 22:14:40 UTC 2010
Hi,
I serve a number of websites up-line from my LAN server to the internet.
logwatch often reports probes - by far most unsuccessful.
AFAIK the majority of 'successful' probes actually only show the hackers
a root page.
My question is because logwatch doesn't report which site (they are all
on the same IP number) was probed. Today the report includes:
------------------------------------------------------------------
A total of 2 sites probed the server
200.63.97.74
213.251.189.204
A total of 2 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
//?page=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%00
HTTP Response 200
//?page=../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ
HTTP Response 200
------------------------------------------------------------------
Does anyone know a short-cut to testing out which site those might have
been? Basically, how can I see which log files logwatch has been watching?
(or any useful answer to the question I should have asked...)
Roger
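One way to answer the question above, as an added example that is not part of the original post: scan each virtual host's access log for the same traversal-to-/proc/self/environ request and report which log (and so which site) recorded it. The log paths, client addresses and log lines below are constructed, and the sketch assumes each site writes its own access log in Apache common/combined format.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache common/combined log line: client, timestamp, method, URL, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Same shape as the logwatch hit: directory traversal ending in /proc/self/environ.
PROBE_RE = re.compile(r'(\.\./)+proc/self/environ', re.IGNORECASE)

# Constructed sample data: hypothetical per-site log paths and log lines.
SAMPLE_LOGS = {
    "/var/log/apache2/site-a_access.log": [
        '203.0.113.10 - - [28/Jun/2010:03:12:01 +0000] "GET /index.html HTTP/1.1" 200 512',
        '203.0.113.20 - - [28/Jun/2010:04:40:17 +0000] "GET //?page=../../../../proc/self/environ%00 HTTP/1.1" 200 2048',
    ],
    "/var/log/apache2/site-b_access.log": [
        '203.0.113.20 - - [28/Jun/2010:04:40:19 +0000] "GET //?page=..%2f..%2f..%2fproc/self/environ HTTP/1.1" 404 310',
        '203.0.113.30 - - [28/Jun/2010:05:00:00 +0000] "GET /about.html HTTP/1.1" 200 900',
    ],
}

def find_probes(logs):
    """logs maps a site label (here its access-log path) to an iterable of lines.
    Returns {site: [(client, timestamp, status, raw_url), ...]} for matching requests."""
    hits = defaultdict(list)
    for site, lines in logs.items():
        for line in lines:
            m = LOG_RE.match(line)
            if not m:
                continue  # not a common/combined format line
            client, when, _method, url, status = m.groups()
            decoded = unquote(unquote(url))  # undo single and double URL-encoding
            if PROBE_RE.search(decoded):
                hits[site].append((client, when, int(status), url))
    return dict(hits)

if __name__ == "__main__":
    import sys
    # With arguments, scan those log files; with none, scan the constructed sample.
    logs = {p: open(p, errors="replace") for p in sys.argv[1:]} or SAMPLE_LOGS
    for site, found in find_probes(logs).items():
        for client, when, status, url in found:
            print(f"{site}: {client} [{when}] status={status} {url[:60]}")
```

The status column shows what each site returned for the probe; a 200 only means that site served some page for the URL, so compare the logged response size with a normal request to the same page.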