[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Koji probes



I've been seeing stuff like this in my web server logs:

 A total of 3 sites probed the server 
    66.249.71.77
    66.249.71.78
    66.249.71.79
 
 A total of 6 possible successful probes were detected (the following URLs
 contain strings that match one or more of a listing of strings that
 indicate a possible exploit):
 
    /koji/fileinfo?rpmID=866&filename=/usr/kerberos/bin/kpasswd HTTP Response 200 
    /koji/fileinfo?rpmID=1356&filename=/usr/bin/ldappasswd HTTP Response 200 
    /koji/fileinfo?rpmID=1954&filename=/usr/bin/vncpasswd HTTP Response 200 
    /koji/fileinfo?rpmID=3570&filename=/usr/bin/vncpasswd HTTP Response 200 
    /koji/fileinfo?rpmID=3107&filename=/usr/bin/ldappasswd HTTP Response 200 
    /koji/fileinfo?rpmID=2686&filename=/usr/kerberos/bin/kpasswd HTTP Response 200 
 

So, I guess it's nice to know that koji is important enough that people
are writing probes to try and ferret out information, but on the other
hand, people are writing probes for it to try and ferret out
information...

-- 
Doug Ledford <dledford redhat com>
              GPG KeyID: CFBFF194
              http://people.redhat.com/dledford

Infiniband specific RPMs available at
              http://people.redhat.com/dledford/Infiniband

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]