Koji probes

I've been seeing stuff like this in my web server logs: A total of 3 sites probed the server 66.249.71.77 66.249.71.78 66.249.71.79 A total of 6 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit): /koji/fileinfo?rpmID=866&filename=/usr/kerberos/bin/kpasswd HTTP Response 200 /koji/fileinfo?rpmID=1356&filename=/usr/bin/ldappasswd HTTP Response 200 /koji/fileinfo?rpmID=1954&filename=/usr/bin/vncpasswd HTTP Response 200 /koji/fileinfo?rpmID=3570&filename=/usr/bin/vncpasswd HTTP Response 200 /koji/fileinfo?rpmID=3107&filename=/usr/bin/ldappasswd HTTP Response 200 /koji/fileinfo?rpmID=2686&filename=/usr/kerberos/bin/kpasswd HTTP Response 200 So, I guess it's nice to know that koji is important enough that people are writing probes to try and ferret out information, but on the other hand, people are writing probes for it to try and ferret out information... -- Doug Ledford <dledford(a)redhat.com&gt; GPG KeyID: CFBFF194 http://people.redhat.com/dledford Infiniband specific RPMs available at http://people.redhat.com/dledford/Infiniband