F19: Is this an httpd attack attempt?
Tim
ignored_mailbox at yahoo.com.au
Thu Mar 6 13:00:40 UTC 2014
Allegedly, on or about 05 March 2014, Wolfgang S. Rupprecht sent:
> 2) apache has (to my mind) a minor bug where it serves pages from the
> first vhost if you ask for an unknown vhost.
In the absence of a matching virtual host, it returns the default
service. The same as if you'd requested a connection to just the
numerical IP address, without any hostname.
I've always configured all domains separately, and left the default
service showing that pre-configuration Apache page that tells you that
the service is alive, or just a basic page. That way, non-matching
connections don't connect to /some/ virtual host, as if by accident.
--
[tim at localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64
All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.
George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.
More information about the users
mailing list