10-20-2008, 01:36 PM
Doug Ledford

Koji probes

I've been seeing stuff like this in my web server logs:

A total of 3 sites probed the server
66.249.71.77
66.249.71.78
66.249.71.79

A total of 6 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):

/koji/fileinfo?rpmID=866&filename=/usr/kerberos/bin/kpasswd HTTP Response 200
/koji/fileinfo?rpmID=1356&filename=/usr/bin/ldappasswd HTTP Response 200
/koji/fileinfo?rpmID=1954&filename=/usr/bin/vncpasswd HTTP Response 200
/koji/fileinfo?rpmID=3570&filename=/usr/bin/vncpasswd HTTP Response 200
/koji/fileinfo?rpmID=3107&filename=/usr/bin/ldappasswd HTTP Response 200
/koji/fileinfo?rpmID=2686&filename=/usr/kerberos/bin/kpasswd HTTP Response 200


So, I guess it's nice to know that koji is important enough that people
are writing probes to try and ferret out information, but on the other
hand, people are writing probes for it to try and ferret out
information...

--
Doug Ledford <dledford@redhat.com>
GPG KeyID: CFBFF194
http://people.redhat.com/dledford

Infiniband specific RPMs available at
http://people.redhat.com/dledford/Infiniband

--
Fedora-buildsys-list mailing list
Fedora-buildsys-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
 
10-20-2008, 01:44 PM
Andreas Thienemann

Koji probes

On Mon, 20 Oct 2008, Doug Ledford wrote:

> So, I guess it's nice to know that koji is important enough that people
> are writing probes to try and ferret out information, but on the other
> hand, people are writing probes for it to try and ferret out
> information...

This looks more like automated probing for everything with the word passwd
in it...

Seen these for years at other systems, not much to worry about.

regards,
andreas

 
10-20-2008, 01:55 PM
Oliver Falk

Koji probes

Andreas Thienemann wrote:
> On Mon, 20 Oct 2008, Doug Ledford wrote:
>
>> So, I guess it's nice to know that koji is important enough that people
>> are writing probes to try and ferret out information, but on the other
>> hand, people are writing probes for it to try and ferret out
>> information...
>
> This looks more like automated probing for everything with the word passwd
> in it...
>
> Seen these for years at other systems, not much to worry about.


Copy that. I've seen the same on various webservers here....

-of

 
10-20-2008, 04:13 PM
Mike McLean

Koji probes

Doug Ledford wrote:
> A total of 3 sites probed the server
> 66.249.71.77
> 66.249.71.78
> 66.249.71.79

These reverse map to googlebot.com.

> A total of 6 possible successful probes were detected (the following URLs
> contain strings that match one or more of a listing of strings that
> indicate a possible exploit):
>
> /koji/fileinfo?rpmID=866&filename=/usr/kerberos/bin/kpasswd HTTP Response 200
> /koji/fileinfo?rpmID=1356&filename=/usr/bin/ldappasswd HTTP Response 200
> /koji/fileinfo?rpmID=1954&filename=/usr/bin/vncpasswd HTTP Response 200
> /koji/fileinfo?rpmID=3570&filename=/usr/bin/vncpasswd HTTP Response 200
> /koji/fileinfo?rpmID=3107&filename=/usr/bin/ldappasswd HTTP Response 200
> /koji/fileinfo?rpmID=2686&filename=/usr/kerberos/bin/kpasswd HTTP Response 200


These links are all reachable via the web ui, any crawler might will hit
them. I suggest adding a robots.txt to keep crawlers out.



 
10-20-2008, 04:36 PM
Bruno Wolff III

Koji probes

On Mon, Oct 20, 2008 at 12:13:23 -0400,
Mike McLean <mikem@redhat.com> wrote:
>
> These links are all reachable via the web ui, any crawler might will hit
> them. I suggest adding a robots.txt to keep crawlers out.

Or meta tags directed at robots. Doing things that way has some advantages
over robots.txt.
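
Added example, not part of the original thread or of Koji: a triage pass over "possible probe" hits like the ones reported above, combining the two checks the replies apply by hand (is the client really a crawler, and is the URL just a link the web UI generates). The function names, verdict labels and the resolver data are constructed for illustration; in production the default `socket` lookups are used instead of the stubs.

```python
import socket
from urllib.parse import parse_qs, urlsplit

CRAWLER_SUFFIXES = (".googlebot.com",)  # the domain named in the thread

def verified_crawler(ip, reverse=socket.gethostbyaddr, forward=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS: the PTR name must sit under a crawler
    domain AND resolve back to the same address (a PTR alone can be forged)."""
    try:
        host = reverse(ip)[0].lower().rstrip(".")
        return host.endswith(CRAWLER_SUFFIXES) and ip in forward(host)[2]
    except OSError:  # herror / gaierror: no PTR or no A record
        return False

def ui_fileinfo_link(url):
    """True when the URL has the exact shape of a Koji fileinfo link: numeric
    rpmID plus one absolute filename, so 'passwd' is only part of a file name."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    names = q.get("filename", [])
    return (parts.path == "/koji/fileinfo"
            and set(q) == {"rpmID", "filename"}
            and len(q["rpmID"]) == 1 and q["rpmID"][0].isdigit()
            and len(names) == 1 and names[0].startswith("/")
            and ".." not in names[0].split("/"))

def triage(hits, **dns):
    """hits: iterable of (client_ip, url). Returns {(ip, url): verdict}."""
    out = {}
    for ip, url in hits:
        crawler, link = verified_crawler(ip, **dns), ui_fileinfo_link(url)
        out[(ip, url)] = ("benign-crawl" if crawler and link
                          else "ui-link-unverified-client" if link
                          else "review")
    return out

# Constructed resolver data so the example runs offline (not real lookups).
PTR = {"66.249.71.77": "crawl-66-249-71-77.googlebot.com",
       "203.0.113.9": "crawl-1.googlebot.com"}  # PTR that will not confirm
A = {"crawl-66-249-71-77.googlebot.com": ["66.249.71.77"],
     "crawl-1.googlebot.com": ["192.0.2.1"]}

def fake_reverse(ip):
    if ip not in PTR: raise socket.herror("no PTR")
    return (PTR[ip], [], [ip])

def fake_forward(host):
    if host not in A: raise socket.gaierror("no A")
    return (host, [], A[host])
```

Only hits that pass both checks are downgraded; a UI-shaped link from a client that fails forward confirmation stays visible to the analyst.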