Re: Security question regarding root email

[Peter Gordon <admin@xxxxxxxxxxxxxxxxxxxxx>]

On Sun, 2006-01-01 at 15:37 +0200, Dotan Cohen wrote:
>  --------------------- httpd Begin ------------------------
>  Requests with error response codes
>     404 Not Found
>        /cvs/index2.php?_REQUEST[option]=com_conte ... cho%20YYY;echo|: 1 Time(s)
>        /cvs/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
>        /favicon.ico: 32 Time(s)
>        /javascript/HM_Arrays.js: 1 Time(s)
>        /javascript/HM_ScriptDOM.js: 1 Time(s)
>        /mambo/index2.php?_REQUEST[option]=com_con ... cho%20YYY;echo|: 1 Time(s)
>        /php/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
>  ---------------------- httpd End -------------------------
> [...]
>  --------------------- httpd Begin ------------------------
>  Requests with error response codes
>     403 Forbidden
>        /cgi-bin/awstats.pl?configdir=|echo;echo%2 ... cho%20YYY;echo|: 1 Time(s)
>        /cgi-bin/awstats/awstats.pl?configdir=|ech ... cho%20YYY;echo|: 1 Time(s)
>     404 Not Found
>        /Forums/admin/admin_styles.php?phpbb_root_ ... cho%20YYY;echo|: 1 Time(s)
>        /Forums/admin/admin_styles.phpadmin_styles ... cho%20YYY;echo|: 1 Time(s)
>        /admin_styles.phpadmin_styles.php?phpbb_ro ... cho%20YYY;echo|: 1 Time(s)
>        /awstats/awstats.pl?configdir=|echo;echo%2 ... cho%20YYY;echo|: 1 Time(s)
>        /blog/xmlrpc.php: 2 Time(s)
>        /blog/xmlsrv/xmlrpc.php: 2 Time(s)
>        /blogs/xmlsrv/xmlrpc.php: 2 Time(s)
>        /cvs/index2.php?_REQUEST[option]=com_conte ... cho%20YYY;echo|: 1 Time(s)
>        /cvs/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
>        /drupal/xmlrpc.php: 2 Time(s)
>        /mambo/index2.php?_REQUEST[option]=com_con ... cho%20YYY;echo|: 1 Time(s)
>        /modules/Forums/admin/admin_styles.php?php ... cho%20YYY;echo|: 1 Time(s)
>        /modules/Forums/admin/admin_styles.phpadmi ... cho%20YYY;echo|: 2 Time(s)
>        /modules/coppermine/themes/default/theme.p ... cho%20YYY;echo|: 2 Time(s)
>        /php/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
>        /phpgroupware/xmlrpc.php: 2 Time(s)
>        /wordpress/xmlrpc.php: 2 Time(s)
>        /xmlrpc.php: 4 Time(s)
>        /xmlrpc/xmlrpc.php: 2 Time(s)
>        /xmlsrv/xmlrpc.php: 2 Time(s)
>  ---------------------- httpd End -------------------------
As I recall, these are attempts to hijack your server using a variant of
the Luper worm that was going around a few months back. You seem to be
running SELinux though, so you probably shouldn't be worried, as the
default targeted and strict policies of Fedora Core 3 and 4 protect
against it.  :-)
-- 
Peter Gordon (codergeek42)
GnuPG Public Key: 0xDA3634D7

Attachment: signature.asc
Description: This is a digitally signed message part