Portal Home > Knowledgebase > Articles Database > New (Patched) cPanel Vulnerabilitites?
New (Patched) cPanel Vulnerabilitites?
Posted by w00ts!te, 05-24-2007, 01:52 PM |
I keep getting these types of accesses in a few of my servers.
42-1 - 0/0/18 . 0.00 512957 0 0.0 0.00 0.15 86.127.9.63 (unavailable) GET /publisher HTTP/1.043-1 - 0/0/13 . 0.00 512955 0 0.0 0.00 0.40 86.127.9.63 (unavailable) HEAD /_vti_bin/_vti_aut/fp30reg.dll HTTP/1.144-1 - 0/0/14 . 0.00 512960 0 0.0 0.00 0.17 86.127.9.63 (unavailable) GET /cgi-bin/phf HTTP/1.045-1 - 0/0/11 . 0.00 512954 0 0.0 0.00 0.17 86.127.9.63 (unavailable) GET /domcfg.nsf/?open HTTP/1.046-1 - 0/0/14 . 0.00 512951 0 0.0 0.00 0.29 86.127.9.63 (unavailable) GET /null.htw HTTP/1.047-1 - 0/0/12 . 0.00 512959 0 0.0 0.00 0.44 86.127.9.63 (unavailable) GET /orders/orders.txt HTTP/1.048-1 - 0/0/8 . 0.00 512960 0 0.0 0.00 0.17 86.127.9.63 (unavailable) GET /mall_log_files/order.log HTTP/1.049-1 - 0/0/5 . 0.00 512957 0 0.0 0.00 0.20 86.127.9.63 (unavailable) GET /whois_raw.cgi HTTP/1.050-1 - 0/0/2 . 0.00 512960 0 0.0 0.00 0.14 86.127.9.63 (unavailable) GET /cgi-bin/whois_raw.cgi HTTP/1.051-1 - 0/0/3 . 0.00 512954 0 0.0 0.00 0.20 86.127.9.63 (unavailable) GET /cgi-bin/ HTTP/1.052-1 - 0/0/3 . 0.00 512955 0 0.0 0.00 0.19 86.127.9.63 (unavailable) GET /cgi-bin/uptime HTTP/1.053-1 - 0/0/2 . 0.00 512955 0 0.0 0.00 0.00 86.127.9.63 (unavailable) GET /ifx/?LO=../../../etc/passwd HTTP/1.054-1 - 0/0/2 . 0.00 512954 0 0.0 0.00 0.01 86.127.9.63 (unavailable) GET /cgi-bin/webbbs.cgi HTTP/1.055-1 - 0/0/2 . 0.00 512949 0 0.0 0.00 0.02 86.127.9.63 (unavailable) GET /root HTTP/1.056-1 - 0/0/2 . 0.00 512949 0 0.0 0.00 0.08 86.127.9.63 (unavailable) GET /quikstore.cfg HTTP/1.057-1 - 0/0/3 . 0.00 512954 0 0.0 0.00 0.01 86.127.9.63 (unavailable) GET /cgi/ HTTP/1.0
The IP had been globally banned and I think cPanel has already come out with a patch for it so this topic is kind of a "by the way" for some admins.
|
Posted by Patrick, 05-24-2007, 01:56 PM |
Looks like someone is running a very outdated web vulnerability scanner against your box.
Hell, one of those exploits (phf) is from 1996.
|
Posted by w00ts!te, 05-24-2007, 03:35 PM |
I don't see why someone would still run those as cPanel is updated constantly... especially those old vulnerabilities.
|
Add to Favourites Print this Article
Also Read
NOC and DC (Views: 466)