Seltsame Einträge im error_log

[unixnoob]

Teste da wer auf exploits ? Solche Einträge hab ich mehrfach am Tag :/

Code: Select all

[client 193.175.197.154] script '/home/httpd/vhosts/domain/httpdocs/xmlrpc.php' not found or unable to stat
[Sun Jan 29 03:21:20 2006] [error] [client 193.175.197.154] File does not exist: /home/httpd/vhosts/domain/httpdocs/blog
[Sun Jan 29 03:21:21 2006] [error] [client 193.175.197.154] File does not exist: /home/httpd/vhosts/domain/httpdocs/blog
[Sun Jan 29 03:21:22 2006] [error] [client 193.175.197.154] File does not exist: /home/httpd/vhosts/domain/httpdocs/blogs
[Sun Jan 29 03:21:23 2006] [error] [client 193.175.197.154] File does not exist: /home/httpd/vhosts/domain/httpdocs/drupal
[Sun Jan 29 03:21:24 2006] [error] [client 193.175.197.154] File does not exist: /home/httpd/vhosts/domain/httpdocs/phpgroupware
[Sun Jan 29 03:21:25 2006] [error] [client 193.175.197.154] File does not exist: /home/httpd/vhosts/domain/httpdocs/wordpress
[client 193.175.197.154] script '/home/httpd/vhosts/domain/httpdocs/xmlrpc.php' not found or unable to stat
[Sun Jan 29 03:21:27 2006] [error] [client 193.175.197.154] File does not exist: /home/httpd/vhosts/domain/httpdocs/xmlrpc
[Sun Jan 29 03:21:31 2006] [error] [client 193.175.197.154] File does not exist: /home/httpd/vhosts/domain/httpdocs/xmlsrv

[der kleine tux]

hallo

schaut nach einem Linux/Lupper wurm aus
der nach einer exploit möglichkeiten sucht

Code: Select all

# /cgi-bin/
# /scgi-bin/
# /awstats/
# /cgi-bin/awstats/
# /scgi-bin/awstats/
# /cgi/awstats/
# /scgi/awstats/
# /scripts/
# /cgi-bin/stats/
# /scgi-bin/stats/
# /stats/
# /xmlrpc.php
# /xmlrpc/xmlrpc.php
# /xmlsrv/xmlrpc.php
# /blog/xmlrpc.php
# /drupal/xmlrpc.php
# /community/xmlrpc.php
# /blogs/xmlrpc.php
# /blogs/xmlsrv/xmlrpc.php
# /blog/xmlsrv/xmlrpc.php
# /blogtest/xmlsrv/xmlrpc.php
# /b2/xmlsrv/xmlrpc.php
# /b2evo/xmlsrv/xmlrpc.php
# /wordpress/xmlrpc.php
# /phpgroupware/xmlrpc.php
# /cgi-bin/includer.cgi
# /scgi-bin/includer.cgi
# /includer.cgi
# /cgi-bin/include/includer.cgi
# /scgi-bin/include/includer.cgi
# /cgi-bin/inc/includer.cgi
# /scgi-bin/inc/includer.cgi
# /cgi-local/includer.cgi
# /scgi-local/includer.cgi
# /cgi/includer.cgi
# /scgi/includer.cgi
# /hints.pl
# /cgi/hints.pl
# /scgi/hints.pl
# /cgi-bin/hints.pl
# /scgi-bin/hints.pl
# /hints/hints.pl
# /cgi-bin/hints/hints.pl
# /scgi-bin/hints/hints.pl
# /webhints/hints.pl
# /cgi-bin/webhints/hints.pl
# /scgi-bin/webhints/hints.pl
# /hints.cgi
# /cgi/hints.cgi
# /scgi/hints.cgi
# /cgi-bin/hints.cgi
# /scgi-bin/hints.cgi
# /hints/hints.cgi
# /cgi-bin/hints/hints.cgi
# /scgi-bin/hints/hints.cgi
# /webhints/hints.cgi
# /cgi-bin/webhints/hints.cgi
# /scgi-bin/webhints/hints.cgi

aber solange er nichts findet
bzw du alles auf dem neusten stand gebracht hast
würd mir das weniger sorgen machen
gruss

[michaelroelle]

Ich finde diese Einträge auch in meiner Log. Aber solange du dein System aktuell hälst, ist es kein Thema. Den Wurm gibt es seit Mitte 2003.

[simcen]

Unsere Server (4 WebServer hinter Loadbalancer) werden täglich mit solchen Attacken beworfen. Bei ca. 5% aller Anfragen bei ca. 3.5 Mio Hits täglich gibt das eine beträgliche Menge. Wir mussten nun eine teure und komplexe Architektur aufbauen, um effektiv gegen "Script-Kiddies" zu schützen und die Webserver zu entlasten.