cross-site scripting attack?

  1. #1
    Junior Member
    Join Date
    Jan 2007
    Posts
    1

    cross-site scripting attack?

    My brother's server has had some problems and his sysadmin buddy keeps insisting it's a 'cross site scripting attack' that somehow preys on fopen(). His Apache error log is full of errors like this:

    Code:
    [Thu Jan 18 09:30:24 2007] [error] [client 221.6.253.34] File does not exist: E:/conduit/site/mb
    [Thu Jan 18 09:30:36 2007] [error] [client 68.192.221.84] File does not exist: E:/conduit/site/cgi-bin, referer: http://www.anonymitytest.com/cgi-bin/jenv.cgi
    [Thu Jan 18 09:30:41 2007] [error] [client 68.192.221.84] File does not exist: E:/conduit/site/cgi-bin, referer: http://www.anonymitytest.com/cgi-bin/jenv.cgi
    [Thu Jan 18 09:30:54 2007] [error] [client 211.55.160.235] File does not exist: E:/conduit/site/f1.member.ird.yahoo.com, referer: http://edit.korea.yahoo.com

    We have no idea who www.anonymitytest.com is.

    The Apache access log is also full of domains that we do not recognize. How can it be that our Apache log has domains that we haven't mapped to it?

    Code:
    209.190.9.18 - - [18/Jan/2007:08:44:23 -0800] "CONNECT 61.155.13.170:25 HTTP/1.0" 200 29273
    85.185.227.2 - - [18/Jan/2007:08:44:32 -0800] "GET http://www.sparklehits.com/directory/Personal+Finance/aff/1379 HTTP/1.0" 404 3487
    209.11.243.66 - - [18/Jan/2007:08:43:25 -0800] "CONNECT 85.93.75.5:25 HTTP/1.0" 200 29273
    61.16.156.107 - - [18/Jan/2007:08:43:28 -0800] "GET http://www.jadesearch.net/index.php?uid=171&REQ=Massage+Chair HTTP/1.0" 404 3511

  2. #2
    Jaded Network Admin nebulus200
    Join Date
    Jun 2002
    Posts
    1,356
    209.11.243.66 - - [18/Jan/2007:08:43:25 -0800] "CONNECT 85.93.75.5:25 HTTP/1.0" 200 29273
    Looks like your website is being used as a proxy (via CONNECT). You need to use LimitExcept for each directory served (http://httpd.apache.org/docs/2.2/mod...l#limitexcept).

    The first ones look like you might have a vulnerable CGI script that someone is trying to abuse to access files on the local file system.
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
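
Log triage for the pattern discussed in this thread, added here as an example and not written by either poster: it flags CONNECT and absolute-URI (proxy-style) request lines in an Apache access log and records which of them received a 2xx status. The function names and the last sample line (192.0.2.10) are constructed for illustration; the other four lines are the ones quoted in post #1.

```python
import re
from collections import Counter

# Apache common log format: host ident user [time] "request" status bytes
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def classify(line):
    """Describe a proxy-style request, or return None for normal/unparsable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    method, target, status = m["method"], m["target"], int(m["status"])
    if method == "CONNECT":
        kind, dest = "connect", target            # tunnel request: target is host:port
    elif SCHEME_RE.match(target):
        kind = "absolute-uri"                     # request line names another site
        dest = SCHEME_RE.sub("", target).split("/")[0]
    else:
        return None                               # origin-form "/path": ordinary traffic
    return {"client": m["client"], "kind": kind, "dest": dest,
            "status": status, "status_2xx": 200 <= status < 300}

def summarize(lines):
    """Return (proxy-style hits, Counter keyed by (kind, status_2xx))."""
    hits = [h for h in map(classify, lines) if h]
    return hits, Counter((h["kind"], h["status_2xx"]) for h in hits)

# Four access-log lines from post #1; the final line is constructed normal traffic.
SAMPLE = [
    '209.190.9.18 - - [18/Jan/2007:08:44:23 -0800] "CONNECT 61.155.13.170:25 HTTP/1.0" 200 29273',
    '85.185.227.2 - - [18/Jan/2007:08:44:32 -0800] "GET http://www.sparklehits.com/directory/Personal+Finance/aff/1379 HTTP/1.0" 404 3487',
    '209.11.243.66 - - [18/Jan/2007:08:43:25 -0800] "CONNECT 85.93.75.5:25 HTTP/1.0" 200 29273',
    '61.16.156.107 - - [18/Jan/2007:08:43:28 -0800] "GET http://www.jadesearch.net/index.php?uid=171&REQ=Massage+Chair HTTP/1.0" 404 3511',
    '192.0.2.10 - - [18/Jan/2007:08:45:00 -0800] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    hits, counts = summarize(SAMPLE)
    for h in hits:
        flag = "INVESTIGATE (2xx)" if h["status_2xx"] else "error status"
        print(f'{h["client"]:>15}  {h["kind"]:<12} -> {h["dest"]:<22} {h["status"]}  {flag}')
    print(dict(counts))
```

A 2xx status on a CONNECT line only shows that the server did not refuse the request; whether traffic was actually relayed has to be confirmed from the server configuration and outbound connection records.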
