Re: Salida rara en Apache (tail -f /var/log/apache.log)

[consul tores]

2011/10/2 consul tores <consultor...@gmail.com>:
> El día 29 de septiembre de 2011 20:47, leos.lis...@gmail.com
> <leos.lis...@gmail.com> escribió:
>> Grupo, buenas noches.
>>
>> Viendo la salida de mi Apache veo lo siguiente:
>>
>> 184.22.207.34 - - [29/Sep/2011:11:46:42 -0300] "POST
>> /password.cgi?usrPassword=dnschange HTTP/1.1" 404 315 "-" "curl/7.19.7
>> (x86_64-unknown-linux-gnu) libcurl/7.19.7 NSS/3.12.6.2 zlib/1.2.3
>> libidn/1.18 libssh2/1.2.2"
>> 184.22.207.34 - - [29/Sep/2011:11:46:43 -0300] "POST
>> /password.cgi?sptPassword=dnschange HTTP/1.1" 404 315 "-" "curl/7.19.7
>> (x86_64-unknown-linux-gnu) libcurl/7.19.7 NSS/3.12.6.2 zlib/1.2.3
>> libidn/1.18 libssh2/1.2.2"
>> 184.22.207.34 - - [29/Sep/2011:11:46:43 -0300] "POST
>> /password.cgi?sysPassword=dnschange HTTP/1.1" 404 315 "-" "curl/7.19.7
>> (x86_64-unknown-linux-gnu) libcurl/7.19.7 NSS/3.12.6.2 zlib/1.2.3
>> libidn/1.18 libssh2/1.2.2"
>> 184.22.207.34 - - [29/Sep/2011:11:46:44 -0300] "POST /dnscfg.cgi HTTP/1.1"
>> 404 313 "-" "curl/7.19.7 (x86_64-unknown-linux-gnu) libcurl/7.19.7
>> NSS/3.12.6.2 zlib/1.2.3 libidn/1.18 libssh2/1.2.2"
>> 184.22.207.34 - - [29/Sep/2011:11:46:44 -0300] "GET /rebootinfo.cgi
>> HTTP/1.1" 404 317 "-" "curl/7.19.7 (x86_64-unknown-linux-gnu) libcurl/7.19.7
>> NSS/3.12.6.2 zlib/1.2.3 libidn/1.18 libssh2/1.2.2"
>>
>> Alguien sabe que puede ser lo que trataron de ejecutar?
>>
>> Muchas Gracias.
>>
>> Saludos.!!!
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact
>> listmas...@lists.debian.org
>> Archive: http://lists.debian.org/4e853bd6.3080...@gmail.com
>
> Es posible que esto te de una idea:
>
> http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122d38...@minotaur.apache.org%3E
>
> El problema parece ser que Apache da demasiada informacion.
> Especialmente x86_64.
>

Aqui esta el proceso descrito:

http://thehackernews.com/2011/10/apache-killer-exploit-modified-for.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Daily+Cyber+News+Updates%29


--
To UNSUBSCRIBE, email to debian-user-spanish-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/CAFxkjqnZf_w_Jo7K3oh3h9bDUcB75EVqJ=g9gqxyt41gath...@mail.gmail.com