Hey everyone,
Logwatch flagged something in my Apache logs, and it says it was a possible successful probe. Hmmm. Here's what it says:
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server 66.249.137.70
A total of 2 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):
66.249.137.70 - - [21/Aug/2010:04:56:56 -0500] "GET /mystuff/?g=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 5231 "-" "libwww-perl/5.810" 66.249.137.70 - - [21/Aug/2010:04:56:56 -0500] "GET /?g=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 14169 "-" "libwww-perl/5.810"
I didn't see anything on my server this morning, as I checked around it. Is this something to be concerned about? I'm fully patched (yum updated through this past week). Anybody else see this?
******************************************************************************* Gilbert Sebenste ******** (My opinions only!) ****** *******************************************************************************