F19: Is this an httpd attack attempt?
Wolfgang S. Rupprecht
wolfgang.rupprecht at gmail.com
Wed Mar 5 03:21:09 UTC 2014
lee <lee at yun.yagibdah.de> writes:
> Could someone please explain why/how this may be considered as an attack
> or at least as something bad? Someone requesting an URL from a web
> server that doesn´t serve this URL --- or doesn´t serve the specified
> domain at all --- could be caused by incorrect responses from name
> servers, couldn´t it?
>
> What is it in particular that would distinguish the request in question
> from others?
This is not an attack, but someone fishing for information. I
understand that apache in some modes give you the first configured vhost
when encountering a query like that. Someone wanted to see if there
was something juicy lying around. The server served the URL "http://<vhost0>/"
which was the index.{html,htm,php,etc} file in the vhost0 root directory.
-wolfgang
More information about the users
mailing list