Be warned about "/sumthin"

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Arty
    Confirmed User
    • Nov 2002
    • 880

    #1

    Be warned about "/sumthin"

    I just noticed that on my server logs.

    "GET /sumthin HTTP/1.0"

    That returns detailed server information by headers. It looks like that's some kind of trojan looking for some specific exploits on server software. There is too little information on the web right now but that might be serious in future.

    It seems like one of the possible solutions might be .htaccess protection for that request.

    I advice you to check your logs and be aware just in case.
  • Gutterboy
    So Fucking Banned
    • Jul 2002
    • 4751

    #2
    interesting

    Comment

    • Adult Site Traffic
      Confirmed User
      • Mar 2003
      • 5093

      #3
      Wasn't there something like that going around last year or so when ccBill got hacked?

      Someone had access to a lot of servers and were dropping egg bots onto the client boxes.

      I don't know if any damage was done, I never got hit. Is this similar?

      Hmm.

      AST 121760557

      ALL Domains and Websites are GOING AWAY NOW! Ask me!
      Many great domains, mainstream and adult, some complete sites with databases, some names with traffic and PR, some investment quality names. Come take a look! { Traffic Orders: Please go here }

      .:: SHARPEN the Elite - BURN the leftovers! Ooh-Rah!! ::.

      Comment

      • goBigtime
        Confirmed User
        • Nov 2002
        • 7761

        #4
        Originally posted by Arty
        I just noticed that on my server logs.

        "GET /sumthin HTTP/1.0"

        That returns detailed server information by headers. It looks like that's some kind of trojan looking for some specific exploits on server software. There is too little information on the web right now but that might be serious in future.

        It seems like one of the possible solutions might be .htaccess protection for that request.

        I advice you to check your logs and be aware just in case.

        Sumthin tells me you should be making sure your SSL enabled webservers are (and have been) using a safe version of OpenSSL instead of worrying how to block requests for /sumthin


        If your server responses with something other than your 404 page when you hit https://www.yourserver.com/sumthin -- then you have problems & should contact your system administrator for a complete reinstallation.

        Comment

        • Arty
          Confirmed User
          • Nov 2002
          • 880

          #5
          Originally posted by goBigtime



          Sumthin tells me you should be making sure your SSL enabled webservers are (and have been) using a safe version of OpenSSL instead of worrying how to block requests for /sumthin


          If your server responses with something other than your 404 page when you hit https://www.yourserver.com/sumthin -- then you have problems & should contact your system administrator for a complete reinstallation.
          Thanks for the advice.

          I'm administrating it myself and all software is up to date. And you are right, there was attacks to some servers with old version OpenSSL right after checking them.

          One more thing to do would be putting those to httpd.conf file.

          ServerTokens prod
          ServerSignature off

          Those makes apache to stop giving software & versions at header. It just gives "Apache" instead of detailed info. Of course that is not a protection but it feels better when it doesn't gives them what they want.

          Comment

          • PbG
            Confirmed User
            • May 2003
            • 1025

            #6
            tru tru

            Originally posted by goBigtime



            Sumthin tells me you should be making sure your SSL enabled webservers are (and have been) using a safe version of OpenSSL instead of worrying how to block requests for /sumthin


            If your server responses with something other than your 404 page when you hit https://www.yourserver.com/sumthin -- then you have problems & should contact your system administrator for a complete reinstallation.

            Uncensored-Hosting | Photography by Gus

            Comment

            • KRL
              Entrepreneur
              • Oct 2002
              • 31429

              #7
              Can't we all just get along and quit hacking servers . . .
              If you would like to develop your domains, you can lease inexpensive foreign labor
              from the leaders in the field at iWebmasters.com TO LOWER YOUR COSTS AND INCREASE YOUR PRODUCTION!

              *** *** *** *** *** *** *** *** *** *** *** ***
              Domains Adult News KRL's Newsletter Biz Tips Just Listed Domains

              Comment

              • Vivaldi
                Confirmed User
                • Jan 2003
                • 303

                #8
                What if hackers and scam doesn't exist? It would be a boring world
                don't even think about it

                Comment

                Working...