Hey everyone,
Logwatch flagged something in my Apache logs, and it says it was a
possible successful probe. Hmmm. Here's what it says:
--------------------- httpd Begin ------------------------
A total of 1 sites probed the server
66.249.137.70
A total of 2 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
66.249.137.70 - - [21/Aug/2010:04:56:56 -0500] "GET
/mystuff/?g=../../../../../../../../../../../../../../../proc/self/environ%00
HTTP/1.1" 200 5231 "-" "libwww-perl/5.810"
66.249.137.70 - - [21/Aug/2010:04:56:56 -0500] "GET
/?g=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1"
200 14169 "-" "libwww-perl/5.810"
I didn't see anything on my server this morning, as I checked around it.
Is this something to be concerned about? I'm fully patched (yum updated
through this past week). Anybody else see this?
*******************************************************************************
Gilbert Sebenste ********
(My opinions only!) ******
*******************************************************************************
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
