Jump to content
The Uniform Server Community

Talking about Uniserver Security


Yoni
 Share

Recommended Posts

This is why everyone should be concerned about the web server security. There are scripts kiddies messing around all day long and trying to find vulnerabilities in your web server.

 

[Wed Jan 11 19:48:14 2012] [error] [client 218.80.254.134] (20024)The given path is misformatted or contained invalid characters: Cannot map GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1 to file

[Wed Jan 11 19:48:14 2012] [error] [client 218.80.254.134] File does not exist: D:/UniServer/www/admin

[Wed Jan 11 19:48:14 2012] [error] [client 218.80.254.134] File does not exist: D:/UniServer/www/admin

[Wed Jan 11 19:48:15 2012] [error] [client 218.80.254.134] File does not exist: D:/UniServer/www/admin

[Wed Jan 11 23:58:20 2012] [error] [client 119.60.2.40] (20024)The given path is misformatted or contained invalid characters: Cannot map GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1 to file

[Wed Jan 11 23:58:20 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/phpMyAdmin

[Wed Jan 11 23:58:21 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/phpmyadmin

[Wed Jan 11 23:58:22 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/pma

[Wed Jan 11 23:58:22 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/myadmin

[Wed Jan 11 23:58:23 2012] [error] [client 119.60.2.40] File does not exist: D:/UniServer/www/MyAdmin

[Thu Jan 12 13:14:10 2012] [error] [client 173.226.105.226] File does not exist: D:/UniServer/www/vhosts

[Thu Jan 12 13:14:11 2012] [error] [client 173.226.105.226] File does not exist: D:/UniServer/www/ehcp

 

Never doubt it, even when you don't see it on a daily basis, it is happening.

This is when your apache rules rule! The rest is taken care by the firewall...

<p class="bbc_center"><span style="font-size:12px;"><strong>Yoni</strong></span></p>

Link to comment
Share on other sites

  • 2 weeks later...

So what was it they were trying to do?

Most of the time you want to attack the weakest spot on a server. Hackers are smart enough to understand that your server is as secure as the weakest vulnerability they can target. They ain't doing anything in specific at that point. They are just trying to map the setup there. If they can find something like phpmyadmin, admin page of any kind or applications that are not secured by default then they already have a target. Brute forcing your admin login (or any login) against a 30GB-40GB passwords database is a good start and simple to implement. Lazy admins tend to believe that running a server is just a matter of setting it and forgetting it. They can't be farther from the truth, you should always keep your eyes in your server's logs. Once you start doing so, you actually start making your server a lot more secure by nature.

 

I'm loving UniServer, honestly. It can't get any simpler.

<p class="bbc_center"><span style="font-size:12px;"><strong>Yoni</strong></span></p>

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...