|
Be warned about "/sumthin"
I just noticed that on my server logs.
"GET /sumthin HTTP/1.0" That returns detailed server information by headers. It looks like that's some kind of trojan looking for some specific exploits on server software. There is too little information on the web right now but that might be serious in future. It seems like one of the possible solutions might be .htaccess protection for that request. I advice you to check your logs and be aware just in case. |
interesting
|
Wasn't there something like that going around last year or so when ccBill got hacked?
Someone had access to a lot of servers and were dropping egg bots onto the client boxes. I don't know if any damage was done, I never got hit. Is this similar? Hmm. AST 121760557 |
Quote:
Sumthin tells me you should be making sure your SSL enabled webservers are (and have been) using a safe version of OpenSSL instead of worrying how to block requests for /sumthin If your server responses with something other than your 404 page when you hit https://www.yourserver.com/sumthin -- then you have problems & should contact your system administrator for a complete reinstallation. |
Quote:
I'm administrating it myself and all software is up to date. And you are right, there was attacks to some servers with old version OpenSSL right after checking them. One more thing to do would be putting those to httpd.conf file. ServerTokens prod ServerSignature off Those makes apache to stop giving software & versions at header. It just gives "Apache" instead of detailed info. Of course that is not a protection but it feels better when it doesn't gives them what they want. |
tru tru
Quote:
|
Can't we all just get along and quit hacking servers . . .
|
What if hackers and scam doesn't exist? It would be a boring world :winkwink:
|
| All times are GMT -7. The time now is 01:59 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123