March 16, 2010

Hacked computers spamming Apache server log

Filed under: Hacking — Tags: — paddy @ 3:04 pm

If you find the following in the error.log of an Apache web server:

… [error] [client XXX.XXX.XXX.XXX] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): …

You can be sure that in most cases the client is a computer, often one that itself runs a web server and many other services, with no firewall and no security precautions: XAMPP and phpMyAdmin open to everybody, empty passwords, and so on. Sometimes they have all of these features at once. I have not checked for viruses, but I expect most of them to be infected, or at least hacked and working for someone other than they ought to.

It is most likely that they send the request to your web server without the owner knowing about this. But one thing is for certain:

  1. It causes traffic
  2. Costs energy
  3. Spams your logs
  4. Etc. etc.

And all this because the computer's administrator/owner has not made even a minimal effort to secure it.
Go to your Apache log directory and check whether the same is happening to you, using the following commands:

grep RFC2616 error.log | awk '{print $8}' | sort | uniq
grep RFC2616 error.log | awk '{printf("%s %s %s\n", $3, $4, $8)}'
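
The commands above pick the client address by field number ($8). As an added example, not part of the original post, the following script counts the same error per client but reads the address from the first "[client ...]" token, so it keeps working when the line carries extra bracketed fields or a ":port" suffix. The function names count_nohost_clients and sample_log and all log lines are constructed for illustration (documentation-range addresses).

```shell
#!/bin/sh
# Added example (not from the original post): count "request without hostname"
# errors per client. The address is taken from the first "[client ...]" token,
# not from a fixed field number, so extra bracketed fields or a ":port" suffix
# do not shift it, and bracket text inside the logged request is ignored.

count_nohost_clients() {    # $1 = path to an Apache error log
    awk '
    index($0, "request without hostname (see RFC2616") {
        i = index($0, "[client ")       # first occurrence: written by Apache
        if (i == 0) next
        rest = substr($0, i + 8)        # text after "[client "
        j = index(rest, "]")
        if (j == 0) next
        addr = substr(rest, 1, j - 1)
        # drop a trailing :port only when the host part is a dotted IPv4 address
        if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/)
            sub(/:[0-9]+$/, "", addr)
        hits[addr]++
    }
    END { for (a in hits) print hits[a], a }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines. The last one has an extra [pid] field, a client
# port, and a request that itself contains "[client ...]" text.
sample_log() {
    cat <<'EOF'
[Tue Mar 16 15:04:01 2010] [error] [client 192.0.2.10] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /
[Tue Mar 16 15:04:09 2010] [error] [client 192.0.2.10] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /index.html
[Tue Mar 16 15:05:30 2010] [error] [client 198.51.100.7] File does not exist: /var/www/favicon.ico
[Tue Mar 16 15:06:12 2010] [error] [pid 4242] [client 203.0.113.5:51234] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /[client 192.0.2.99]
EOF
}

# Demo on the constructed sample; on a real server pass your own error.log.
demo_log=$(mktemp)
sample_log > "$demo_log"
count_nohost_clients "$demo_log"
rm -f "$demo_log"
```

Output is one "count address" pair per line, busiest client first.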

Further reading:

1 Comment »

  1. Grade A stuff. I’m unquestionably in your debt.

    Comment by Wind — August 25, 2011 @ 2:46 pm
