Topic: Log Help

rewesh
Joined: 10 Sep 2010
Posts: 2

Posted: Fri 10 Sep '10 19:53    Post subject: Log Help

I have this portion of the log file. First, what is someone trying to do?
Second, in the middle of the log there are some lines that I cannot understand, the ones which " http://www.bubububu.007sites.com/c
=> `c'
Resolving www.bubububu.007sites.com... 74.114.116.107
Connecting to www.bubububu.007sites.com|74.114.116.107|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28,745 (28K) [text/html]

0K .......... .......... ........ 100% 77.45 KB/s

09:45:49 (77.45 KB/s) - `c' saved [28745/28745]" Does that mean that a file has been downloaded or uploaded to my server, and where? I cannot find any files, or do not have any files, with that name on my server.

And also these two lines
"sh: curl: command not found
perl: no process killed
"

Thanks

Code:

[Tue Sep 07 16:44:16 2010] [error] [client 67.195.112.175] File does not exist: /var/www/mysoundcage/robots.txt
[Tue Sep 07 17:34:22 2010] [error] [client 208.191.153.193] File does not exist: /var/www/mysoundcage/cgi-bin
[Tue Sep 07 17:34:22 2010] [error] [client 208.191.153.193] script not found or unable to stat: /usr/lib/cgi-bin/awstats.pl

[Wed Sep 08 09:37:31 2010] [error] [client 95.108.150.235] File does not exist: /var/www/mysoundcage/robots.txt
--09:45:47-- http://www.bubububu.007sites.com/c
=> `c'
Resolving www.bubububu.007sites.com... 74.114.116.107
Connecting to www.bubububu.007sites.com|74.114.116.107|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 28,745 (28K) [text/html]

0K .......... .......... ........ 100% 77.45 KB/s

09:45:49 (77.45 KB/s) - `c' saved [28745/28745]

sh: curl: command not found
perl: no process killed
[Wed Sep 08 12:09:45 2010] [error] [client 199.172.169.86] Client sent malformed Host header
[Wed Sep 08 12:40:49 2010] [error] [client 89.121.253.227] File does not exist: /var/www/mysoundcage/phpmyadmin


Modnote: I killed all the crap from log file. Please read the forum rules!

James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

Posted: Tue 14 Sep '10 23:38

I guess someone might have broken into the server and executed some commands via a script. Or you use software / a script that does those things.

rewesh
Joined: 10 Sep 2010
Posts: 2

Posted: Wed 15 Sep '10 6:55

Sorry for posting a big portion of the log, but it was to show the amount of tries so it can help someone in the diagnosis.
No, I do not have a script or software. So does anyone understand from that log whether the attacker is trying to upload or download a file, whether it has been a success or not, and how to prevent this repeated attack? Thanks

James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg

Posted: Wed 15 Sep '10 22:06

Best practice to keep hackers outside is to update your OS as soon as there is an update, and to use software / scripts you trust and keep them up to date as well. Secondly, run as few daemons on the server as possible. Don't use insecure / unencrypted services you connect to. I won't call myself a Linux expert. So you better ask there how to secure Linux.
Questions about Apache are welcome here :)
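
Added example, not written by either poster: Apache's error log also receives the stderr of CGI scripts and other processes started under the server, so lines without the `[date] [error]` prefix, such as the wget transcript and the `sh:` message in the first post, are output from commands that ran under the web server. The Python sketch below groups such unprefixed lines and summarises what each group shows; the function name, the regular expressions and the shortened sample (copied from the log in the first post) are this example's own assumptions.

```python
import re

# Constructed sample: lines copied from the log excerpt in the first post.
SAMPLE_LOG = """\
[Wed Sep 08 09:37:31 2010] [error] [client 95.108.150.235] File does not exist: /var/www/mysoundcage/robots.txt
--09:45:47-- http://www.bubububu.007sites.com/c
=> `c'
Resolving www.bubububu.007sites.com... 74.114.116.107
HTTP request sent, awaiting response... 200 OK
09:45:49 (77.45 KB/s) - `c' saved [28745/28745]
sh: curl: command not found
perl: no process killed
[Wed Sep 08 12:09:45 2010] [error] [client 199.172.169.86] Client sent malformed Host header
"""

# Apache 2.2-style error log prefix: [timestamp] [level] ...
APACHE_LINE = re.compile(r"^\[(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} \d{2} [\d:]{8} \d{4})\] \[\w+\]")
WGET_START = re.compile(r"^--[\d: -]+--\s+(?P<url>\S+)")
WGET_SAVED = re.compile(r"[`'](?P<name>[^']+)' saved \[(?P<got>\d+)(?:/\d+)?\]")
SHELL_ERR = re.compile(r"^(?:sh|bash): (?P<cmd>[^:]+): (?:command )?not found")


def find_foreign_output(log_text):
    """Group lines lacking the Apache prefix and summarise each group."""
    findings, block, last_ts = [], None, None
    for line in log_text.splitlines():
        m = APACHE_LINE.match(line)
        if m:  # a normal Apache entry closes any open group
            last_ts, block = m.group("ts"), None
            continue
        if not line.strip():
            continue
        if block is None:  # first unprefixed line after an Apache entry
            block = {"after": last_ts, "urls": [], "saved": [], "missing": [], "lines": 0}
            findings.append(block)
        block["lines"] += 1
        if (w := WGET_START.match(line)):
            block["urls"].append(w.group("url"))
        elif (s := WGET_SAVED.search(line)):
            block["saved"].append((s.group("name"), int(s.group("got"))))
        elif (e := SHELL_ERR.match(line)):
            block["missing"].append(e.group("cmd"))
    return findings


if __name__ == "__main__":
    for finding in find_foreign_output(SAMPLE_LOG):
        print(finding)
```

A `saved` entry means wget wrote the file, by default into the working directory of the process that ran it, which need not be under the document root.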