Mailing List Archive
tlug.jp
Mailing List
tlug archive
tlug Mailing List Archive
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[tlug] Dealing with webapp security scans
- Date: Thu, 28 Feb 2008 12:03:04 +0900
- From: "Nguyen Vu Hung" <vuhung16plus+shape@example.com>
- Subject: [tlug] Dealing with webapp security scans
Hi,
Recently I have observed that my server are being scanned for security
breaches.
From Apache's log[1], I saw that most of the HTTP requests which
connections originate from compromised web servers.
The scanners scan for security breaches all over the Internet. When if
finds a hole to be in, it try to get a script ( for example,
advguestbook//img/verid.txt - see [1], scroll down ) from a remote
host with one of the tools available on the system ( curl,
libwww-perl's GET or lwp-download, fetch, lynx --sources ) and execute
it. On my server, it looks like that they are scanning for a PHPBB's
security hole.
Question: How to deal with those compromised web servers? They are
hacked and being used as 踏み台. Should I report them? If so, where to to
report?
[1] http://aoclife.ddo.jp/~vuhung/tmp/tlug/grep.libwww-perl.httpd.access.log.txt
--
Best Regards,
Nguyen Hung Vu ( Nguyễn Vũ Hưng )
vuhung16plus{remove}@example.com
An inquisitive look at Harajuku
http://www.flickr.com/photos/vuhung/sets/72157600109218238/
- Follow-Ups:
- Re: [tlug] Dealing with webapp security scans
- From: Godwin Stewart
- Re: [tlug] Dealing with webapp security scans
- Prev by Date: Re: [tlug] Visio-to-PNG Batch Conversion - Possible?
- Next by Date: Re: [tlug] Dealing with webapp security scans
- Previous by thread: Re: [tlug] Open Source Conference 2008 this weekend
- Next by thread: Re: [tlug] Dealing with webapp security scans
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |