F19: Is this an httpd attack attempt?
lee
lee at yun.yagibdah.de
Thu Mar 6 10:37:52 UTC 2014
Tom Rivers <tom at impact-crater.com> writes:
> On 3/5/2014 10:45, Tom Rivers wrote:
>> Now that I had successfully simulated the attack signature in the
>> log file of the proxy web server, I logged into the target web
>> server and looked at its access log. Thankfully I found no log of
>> any activity from my XXX.XXX.XXX.XXX workstation IP. Not wanting to
>> leave any stone unturned, I did a "tail -f" on the log file of the
>> target web server and performed the same test again. I got the same
>> results.
>
> Sorry, it's a busy day at work and I wasn't as clear as I should have
> been in this last paragraph. What I should've said is that there were
> no entries in the log file of the target web server referencing the
> attempted "attack" for either the IP of my workstation or the IP of
> the proxy web server.
Tom, thank you very much for your effort and time investigating and
sharing this!
--
Fedora release 20 (Heisenbug)
More information about the users
mailing list