some one asking for strange web-pages...

Discussion in 'Computer Security' started by Anders, Feb 16, 2006.

  1. Anders

    Anders Guest

    This I find in my /var/log/apache2/error.log and I wonder a litle over
    what this would be.
    I did a whois on 200.23.35.52 and find out that it come from some one in
    Mexico.
    My question is, is this from a person or is it from some kind of program..?
    If it is a person, what is he/she up to?

    My litle web site is merely in swedish and can only be of interest for
    any one, if he/she read swedish, and have beginners interest in
    Gnu/Linux and my dog.

    [Thu Feb 16 10:57:26 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/index2.php
    [Thu Feb 16 10:57:27 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/index.php
    [Thu Feb 16 10:57:28 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/mambo
    [Thu Feb 16 10:57:30 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/cvs
    [Thu Feb 16 10:57:31 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/articles
    [Thu Feb 16 10:57:32 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/cvs
    [Thu Feb 16 10:57:34 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/xmlrpc.php
    [Thu Feb 16 10:57:35 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/blog
    [Thu Feb 16 10:57:37 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/blog
    [Thu Feb 16 10:57:38 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/blogs
    [Thu Feb 16 10:57:39 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/drupal
    [Thu Feb 16 10:57:40 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/phpgroupware
    [Thu Feb 16 10:57:42 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/wordpress
    [Thu Feb 16 10:57:43 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/xmlrpc.php
    [Thu Feb 16 10:57:44 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/xmlrpc
    [Thu Feb 16 10:57:46 2006] [error] [client 200.23.35.52] File does not
    exist: /var/www/xmlsrv

    /Anders
    Anders, Feb 16, 2006
    #1
    1. Advertising

  2. Anders

    Todd H. Guest

    Anders <> writes:

    > This I find in my /var/log/apache2/error.log and I wonder a litle over
    > what this would be.
    > I did a whois on 200.23.35.52 and find out that it come from some one
    > in Mexico.
    > My question is, is this from a person or is it from some kind of
    > program..?> If it is a person, what is he/she up to?


    Script kiddie looking for common URL's in an attempt to identify
    targets. These are typically looking for common URL's where a
    specific web application is known to run on a site, and that has
    exploitable vulnerabilities.

    nikto is a popular program that does this stuff, but there are plenty
    of others. White hats use it for assessing vulnerabilities of their
    clients' web sites (with their consent), the bad guys use it to try to
    break in and wreak havoc. e.g. finding an old level of phpbb that's
    exploitable or some such

    You could block that IP as a countermeasure, or just accept such
    scanning as a fact of life on the net.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
    Todd H., Feb 16, 2006
    #2
    1. Advertising

  3. Anders

    Anders Guest

    Todd H. wrote:
    > Anders <> writes:
    >
    >
    >>This I find in my /var/log/apache2/error.log and I wonder a litle over
    >>what this would be.
    >>I did a whois on 200.23.35.52 and find out that it come from some one
    >>in Mexico.
    >>My question is, is this from a person or is it from some kind of
    >>program..?> If it is a person, what is he/she up to?

    >
    >
    > Script kiddie looking for common URL's in an attempt to identify
    > targets. These are typically looking for common URL's where a
    > specific web application is known to run on a site, and that has
    > exploitable vulnerabilities.
    >
    > nikto is a popular program that does this stuff, but there are plenty
    > of others. White hats use it for assessing vulnerabilities of their
    > clients' web sites (with their consent), the bad guys use it to try to
    > break in and wreak havoc. e.g. finding an old level of phpbb that's
    > exploitable or some such
    >
    > You could block that IP as a countermeasure, or just accept such
    > scanning as a fact of life on the net.
    >
    > Best Regards,


    Thank you for the answer, just seeing it in the error.log tells me that
    he did not get what he wanted. I will block the IP for now, I have a
    list of bad IP's but havent got the time to put it in to my hostlist yet.

    I have make use of a services from the swedish goverment of post and
    telecomunikation and they are using nessus, and the result was that my
    site is secure besides two vulnerabilities.
    1. they can figure out what OS and web-server I am running.
    2. they can read my robots.txt and that one only say's, User-Agent: *
    Disallow: /

    /Anders
    Anders, Feb 16, 2006
    #3
  4. Anders

    Todd H. Guest

    Anders <> writes:
    > I have make use of a services from the swedish goverment of post and
    > telecomunikation and they are using nessus, and the result was that my
    > site is secure besides two vulnerabilities.
    > 1. they can figure out what OS and web-server I am running.


    Which isn't that big a deal so long as you remain up to date.

    > 2. they can read my robots.txt and that one only say's, User-Agent: *
    > Disallow: /


    Which isn't a big deal at all as it leaks 0 information.

    --
    Todd H.
    http://www.toddh.net/
    Todd H., Feb 16, 2006
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Chris
    Replies:
    4
    Views:
    413
    Chris
    Dec 9, 2003
  2. Replies:
    1
    Views:
    506
  3. Louis AA

    can't get some pages on web to display

    Louis AA, Oct 20, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    418
    °Mike°
    Oct 20, 2003
  4. Broom Hilda

    problem with some web pages

    Broom Hilda, Apr 12, 2005, in forum: Computer Support
    Replies:
    3
    Views:
    358
    Old Gringo
    Apr 12, 2005
  5. Giuen
    Replies:
    0
    Views:
    752
    Giuen
    Sep 12, 2008
Loading...

Share This Page