[CentOS] Strange Apache log entry
Gilbert Sebenste
sebenste at weather.admin.niu.edu
Sun Aug 22 22:33:31 UTC 2010
On Sun, 22 Aug 2010, Gordon Messmer wrote:
> No, they didn't. That's why you were warned that it was a potentially
> successful probe.
>
> The exploit requires that you are running php and have a script that
> includes a file referenced by the global variable "g" (or maybe the http
> request variable "g"). You should check the files that appear at the
> URLs indicated in your logs. If any of those files are php, then you
> should further check those to see if they might include files based on
> the "g" variable. If so, you may have been compromised.
Hello Gordon,
Thanks...you are right, those aren't 404 errors, I was looking at
something else. I checked through my logs, checked a bunch of files,
directories, and such...everything appears to be in order. I tried the
URLs they tried and all I got was my website and a 404 error for the two
links. I do have PHP installed, but I don't have any PHP scripts
running. If anyone else has any other suggestions, though, I'll keep
digging.
*******************************************************************************
Gilbert Sebenste ********
(My opinions only!) ******
Staff Meteorologist, Northern Illinois University ****
E-mail: sebenste at weather.admin.niu.edu ***
web: http://weather.admin.niu.edu **
*******************************************************************************
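
The check Gordon describes (look for PHP files that include a file chosen by the "g" variable) can be run over a whole document root. The script below is an added example, not part of the original messages: the names scan_docroot, PHP_SUFFIXES and RISKY_INCLUDE and the sample files are constructed for illustration, and the extension list is an assumption to adjust to your Apache configuration.

```python
import re
import sys
import tempfile
from pathlib import Path

# Extensions assumed to be handled by PHP; match them to your Apache config.
PHP_SUFFIXES = {".php", ".php3", ".php4", ".php5", ".phtml", ".inc"}
# Heuristic: an include/require whose argument (up to the ';') uses $g or a
# request array indexed by 'g'. Indirect flows through other variables are missed.
RISKY_INCLUDE = re.compile(
    r"""\b(?i:(?:include|require)(?:_once)?)\b
        [^;]*?
        (?: \$g\b
          | \$(?:_GET|_POST|_REQUEST|_COOKIE|GLOBALS|HTTP_GET_VARS)
            \s*\[\s*['"]?g['"]?\s*\] )""",
    re.VERBOSE)

def scan_docroot(docroot):
    """Return [(relative_path, line_number, statement)] for each risky include."""
    root, findings = Path(docroot), []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        text = path.read_text(errors="replace")
        for m in RISKY_INCLUDE.finditer(text):
            line_no = text.count("\n", 0, m.start()) + 1
            stmt = " ".join(m.group(0).split())  # collapse whitespace
            findings.append((path.relative_to(root).as_posix(), line_no, stmt))
    return findings

# Constructed sample files, not taken from the poster's site.
SAMPLES = {
    "index.php": "<?php\n$g = $_GET['g'];\ninclude($g . '.php');\n",
    "lib/page.phtml": '<?php require_once $_REQUEST["g"]; ?>\n',
    "safe.php": "<?php include 'header.php'; echo $_GET['g']; ?>\n",
    "notes.txt": "include($g) in a non-PHP file is ignored\n",
}

def demo():
    """Write SAMPLES into a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_docroot(tmp)

if __name__ == "__main__":
    for rel, n, stmt in (scan_docroot(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print(f"{rel}:{n}: {stmt}")
```

Run it with the DocumentRoot as the only argument; with no argument it scans the constructed samples. An empty result only means no direct match was found, so files that read "g" into another variable before including it still need a manual look.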