[CentOS] Strange Apache log entry

Gilbert Sebenste

sebenste at weather.admin.niu.edu
Sun Aug 22 13:53:45 UTC 2010


Hey everyone,

Logwatch flagged something in my Apache logs, and it says it was a 
possible successful probe. Hmmm. Here's what it says:

  --------------------- httpd Begin ------------------------

  A total of 1 sites probed the server
     66.249.137.70

  A total of 2 possible successful probes were detected (the following URLs
  contain strings that match one or more of a listing of strings that
  indicate a possible exploit):

66.249.137.70 - - [21/Aug/2010:04:56:56 -0500] "GET /mystuff/?g=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 5231 "-" "libwww-perl/5.810"
66.249.137.70 - - [21/Aug/2010:04:56:56 -0500] "GET /?g=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 14169 "-" "libwww-perl/5.810"

I didn't see anything on my server this morning, as I checked around it. 
Is this something to be concerned about? I'm fully patched (yum updated 
through this past week). Anybody else see this?

*******************************************************************************
Gilbert Sebenste                                                     ********
(My opinions only!)                                                  ******
*******************************************************************************



More information about the CentOS mailing list