/ignore - sorry for the noise.
-------- Original Message --------
Subject: Re: HTML request accesses my router
Date: Thu, 08 Nov 2007 19:17:59 -0500
From: Eric Maurier <[EMAIL PROTECTED]>
Organization: Ross-Tech.com
To: Apache Security Response Team <[EMAIL PROTECTED]>
CC: Uwe Ross <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mark,
turns out it was not Apache (problem still appeared with the service
disabled), but rather the router that opens its login screen when you
type the name or WAN IP of the local machine inside a browser, even
without requesting a page :-)
So "update.ross-tech.com" and
"update.ross-tech.com/?U=AVCD2&A=files&K=MyBqLMOX1oyrxXuZyncTHOhIl971hpusExNuqkz1vkCJajE+TcQq4d+s1gA="
would trigger the "problem" but not "127.0.0.1" or
"127.0.0.1/?U=AVCD2&A=files&K=MyBqLMOX1oyrxXuZyncTHOhIl971hpusExNuqkz1vkCJajE+TcQq4d+s1gA="
, both regardless of apache running.
We verified that this somewhat harmless problem happens with our update
server that's on a Linksys as well as our main desktops that run off a
Netgear; in any case, not an Apache problem, sorry for having wasted
your time :-)
Best,
Eric
Apache Security Response Team wrote:
Dear Eric Maurier:
I've not seen this before, although a google search of "AVCD2 files" does
find some similar looking urls.
Does the request get logged on your server even if you access it locally
(and end up at your router auth screen)? You could narrow this down a bit
by turning off your server and seeing if you get the same result (in which
case it's perhaps possible some trojan on your system is redirecting the
request. If it still looks like Apache, try removing or disabling
modules. Let us know if you figure this out in the event we get other
similar reports.
Thank you, Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
