> Quoth latin...@resist.ca:
>> Hello
>>
>> i found today these lines, is it something to be worry please?
>>
>> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:03 -0700] "GET
>> /.well-known/security.txt HTTP/1.1" 404 0
>> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:03 -0700] "GET
>> /?file=../../../../../../etc/passwd HTTP/1.1" 200 7591
>> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:04 -0700] "GET
>> /?file=../../../../etc/passwd HTTP/1.1" 200 7591
>> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:04 -0700] "GET
>> /?inc=../../../../etc/passwd HTTP/1.1" 200 7591
>> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:04 -0700] "GET
>> /?include=../../../../etc/passwd HTTP/1.1" 200 7591
>> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:04 -0700] "GET
>> /?layout=../../../../etc/passwd HTTP/1.1" 200 7591
>> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:05 -0700] "GET
>> /?module=../../../../etc/passwd HTTP/1.1" 200 7591
>> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:05 -0700] "GET
>> /?page=../../../../etc/passwd HTTP/1.1" 200 7591
>> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:05 -0700] "GET
>> /?path=../../../../../../boot.ini HTTP/1.1" 200 7591
>> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:05 -0700] "GET
>> /?template=../../../../etc/passwd HTTP/1.1" 200 7591
>> agroena.org 185.177.72.16 - - [09/Jul/2025:13:06:06 -0700] "GET
>> /?view=../../../../etc/passwd HTTP/1.1" 200 7591
>>
>
> Nope, just another bot trying to pry into your secrets. you'll see
> similar failed attempts to break into your system if you look in
> /var/log/authlog (assuming you have ssh listening on port 22). As
> long as you have a secure setup and don't serve your passwords over
> HTTP (as that's what the bot is trying to grab) you'll be fine.
>
> --
> noodle
>
>
Thank you noodle, i was cautious because of the 200 which appears when
someone access the web page.
