On Thu, Jan 17, 2013 at 3:39 AM, Robert Rothenberg <[email protected]> wrote: > >>> >>> I've found the following request in the web logs for a server that doesn't >>> have Cobbler installed: >>> >>>> 93.231.100.23 - - [10/Jan/2013:00:05:14 +0000] "POST /cobbler_api >>>> HTTP/1.1" 404 288 "-" "-" >>> >>> Is there a possible exploit in Cobbler that script kiddies are probing now? >>> >> [BP:] Could there be a Autotest server in your environment that thinks that >> there is Cobbler running on this server? > > No. That's not one of my machines.
Or they could just be looking for people that have cobbler servers connected to the internet without locking them down (still using the default password). You could verify it by running tcpdump and analyzing the pcap to see what they're sending in the POST. _______________________________________________ cobbler mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/cobbler
