Quoth latin...@resist.ca:
> Hello
>
> I found these lines today, is it something to be worried about please?
>
> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:03 -0700] "GET /.well-known/security.txt HTTP/1.1" 404 0
> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:03 -0700] "GET /?file=../../../../../../etc/passwd HTTP/1.1" 200 7591
> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:04 -0700] "GET /?file=../../../../etc/passwd HTTP/1.1" 200 7591
> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:04 -0700] "GET /?inc=../../../../etc/passwd HTTP/1.1" 200 7591
> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:04 -0700] "GET /?include=../../../../etc/passwd HTTP/1.1" 200 7591
> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:04 -0700] "GET /?layout=../../../../etc/passwd HTTP/1.1" 200 7591
> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:05 -0700] "GET /?module=../../../../etc/passwd HTTP/1.1" 200 7591
> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:05 -0700] "GET /?page=../../../../etc/passwd HTTP/1.1" 200 7591
> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:05 -0700] "GET /?path=../../../../../../boot.ini HTTP/1.1" 200 7591
> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:05 -0700] "GET /?template=../../../../etc/passwd HTTP/1.1" 200 7591
> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:06 -0700] "GET /?view=../../../../etc/passwd HTTP/1.1" 200 7591
>
(Apologies if you receive this twice. It's my first time sending to the
list so I forgot to CC misc@).

Nope, just another bot trying to pry into your secrets. You'll see
similar failed attempts to break into your system if you look in
/var/log/authlog (assuming you have ssh listening on port 22). As long
as you have a secure setup and don't serve your passwords over HTTP (as
that's what the bot is trying to grab) you'll be fine.

--
noodle
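
Added example, not part of the original message: a Python triage of access-log lines in the format quoted above, which flags `../` probes and checks whether every probe from one client got the same status and size even though different files were requested. The sample log is a subset of the quoted lines; `find_probes`, `triage` and the "uniform"/"review" labels are names chosen for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, unquote

# Sample input: four of the log lines quoted in the thread, embedded to run offline.
SAMPLE_LOG = """\
agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:03 -0700] "GET /.well-known/security.txt HTTP/1.1" 404 0
agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:03 -0700] "GET /?file=../../../../../../etc/passwd HTTP/1.1" 200 7591
agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:05 -0700] "GET /?page=../../../../etc/passwd HTTP/1.1" 200 7591
agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:05 -0700] "GET /?path=../../../../../../boot.ini HTTP/1.1" 200 7591
"""

# vhost ip ident user [timestamp] "METHOD target PROTO" status size
LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)
# A ".." path segment delimited by / or \ (or by the ends of the value).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def find_probes(log_text):
    """Return one dict per query parameter whose value contains a ../ segment."""
    probes = []
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        query = urlsplit(m["target"]).query
        for param, value in parse_qsl(query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to catch double encoding (%252e).
            value = unquote(value)
            if TRAVERSAL_RE.search(value):
                probes.append({
                    "ip": m["ip"], "param": param,
                    "wanted": re.split(r'[\\/]', value)[-1],  # file the probe asked for
                    "status": int(m["status"]), "size": int(m["size"]),
                })
    return probes

def triage(probes):
    """Per client: 'uniform' if different requested files all got one (status, size)."""
    by_ip = defaultdict(list)
    for p in probes:
        by_ip[p["ip"]].append(p)
    result = {}
    for ip, items in by_ip.items():
        responses = {(p["status"], p["size"]) for p in items}
        files = {p["wanted"] for p in items}
        result[ip] = "uniform" if len(responses) == 1 and len(files) > 1 else "review"
    return result

if __name__ == "__main__":
    print(triage(find_probes(SAMPLE_LOG)))  # {'185.177.72.16': 'uniform'}
```

"uniform" means the response did not vary with the file requested, which is a heuristic rather than proof; compare the size against a plain request for `/` to confirm the server is just returning its normal page.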