Apache vulnerability?

Alex mysqlstudent at gmail.com
Tue Nov 1 21:06:45 UTC 2011


I thought someone might be familiar with apache and expected behavior
to know whether the access_log entries below are attack attempts, or
something less alarming. I'm seeing repeated entries like these from a
handful of IP addresses at a time, all with 404 errors using "POST
/index.php": - - [01/Nov/2011:16:56:29 -0400] "POST /index.php
HTTP/1.1" 404 7168 "http://www.example.com/index.php" "Mozilla/5.0
(Windows NT 6.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2" 31508 7609 - - [01/Nov/2011:16:56:46 -0400] "POST /index.php
HTTP/1.1" 404 7169 "http://www.example.com/index.php" "Mozilla/5.0
(Windows NT 6.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2" 85912 7610

Is this a known exploit attempt? The server has been responding
slowly, and I believe this is partly the cause.

How can I troubleshoot this further?


More information about the users mailing list