Koji probes
Doug Ledford
dledford at redhat.com
Mon Oct 20 13:36:12 UTC 2008
I've been seeing stuff like this in my web server logs:
A total of 3 sites probed the server
66.249.71.77
66.249.71.78
66.249.71.79
A total of 6 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):
/koji/fileinfo?rpmID=866&filename=/usr/kerberos/bin/kpasswd HTTP Response 200
/koji/fileinfo?rpmID=1356&filename=/usr/bin/ldappasswd HTTP Response 200
/koji/fileinfo?rpmID=1954&filename=/usr/bin/vncpasswd HTTP Response 200
/koji/fileinfo?rpmID=3570&filename=/usr/bin/vncpasswd HTTP Response 200
/koji/fileinfo?rpmID=3107&filename=/usr/bin/ldappasswd HTTP Response 200
/koji/fileinfo?rpmID=2686&filename=/usr/kerberos/bin/kpasswd HTTP Response 200
So, I guess it's nice to know that koji is important enough that people
are writing probes to try and ferret out information, but on the other
hand, people are writing probes for it to try and ferret out
information...
--
Doug Ledford <dledford at redhat.com>
GPG KeyID: CFBFF194
http://people.redhat.com/dledford
Infiniband specific RPMs available at
http://people.redhat.com/dledford/Infiniband
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-buildsys-list/attachments/20081020/3f23e096/attachment.sig>
More information about the Fedora-buildsys-list
mailing list