leop1212
asked on
Unknown hacking attempts
I can see a lot of strange activity in my website (CentOS6.0-64 Minimal for VS) Apache log, like this one:
http://myinfo.any-request-allowed.com/?a=tt4mq2&b=e33bu
If I try to navigate to it, this is what I see below.
Can anyone tell me what they are after?
d7aa4ad6f7a7fbadb117f6ef8a20d184||force-no-vary=>|downgrade-1_0=>|HTTP_HOST=>myinfo.any-request-allowed.com|HTTP_X_REAL_IP=>108.7.234.40|HTTP_CONNECTION=>close|HTTP_USER_AGENT=>Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0|HTTP_ACCEPT=> text/html,application/xhtml+xml,application/xml;q0.9,*/*;q0.8|HTTP_ACCEPT_LANGUAGE=>en-US,en;q0.5|HTTP_ACCEPT_ENCODING=>gzip, deflate|PATH=>/usr/local/bin:/usr/bin:/bin|SERVER_SIGNATURE=>|SERVER_SOFTWARE=>Apache|SERVER_NAME=>myinfo.any-request-allowed.com|SERVER_PORT=>80|REMOTE_ADDR=>108.7.234.40|DOCUMENT_ROOT=>/|SERVER_ADMIN=>[no address given]|SCRIPT_FILENAME=>/|REMOTE_PORT=>37295|GATEWAY_INTERFACE=>|SERVER_PROTOCOL=>HTTP/1.0|REQUEST_METHOD=>GET|QUERY_STRING=>|REQUEST_URI=>/|SCRIPT_NAME=>/|REQUEST_TIME=>1431686922|DOCUMENT_URI=>/|USER=>|HOME=>||||||
Somebody dumped your CGI environment using the Shellshock vulnerability. You must update sometimes.
ASKER
What do I have to update? What other action do you recommend?
ASKER CERTIFIED SOLUTION
I'd block this host in iptables to be on the safe side though.
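Added example, not written by any poster in this thread: a log triage script that finds the source addresses behind the two things discussed above (absolute-URI requests for a foreign host, like the one in the question, and the Shellshock `() {` marker) and prints iptables block rules for them. It assumes Apache's "combined" log format; `LOCAL_HOSTS` and the sample lines are constructed placeholders.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: hostnames this server legitimately serves; replace with your own.
LOCAL_HOSTS = {"www.example.org"}

# Apache "combined" format; quoted fields may contain backslash-escaped quotes.
Q = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] ' + Q + r' (\d{3}) \S+(?: ' + Q + ' ' + Q + ')?')

def classify(line):
    """Return (client, reasons) for one log line; reasons is empty if nothing matched."""
    m = LINE_RE.match(line)
    if not m:
        return None, set()
    client, request, _status, referer, agent = m.groups()
    parts = request.split()
    method = parts[0].upper() if parts else ""
    target = parts[1] if len(parts) > 1 else ""
    reasons = set()
    # Open-proxy probe: CONNECT, or an absolute URI naming a host that is not ours.
    if method == "CONNECT":
        reasons.add("proxy-probe")
    elif target.lower().startswith(("http://", "https://")):
        if (urlsplit(target).hostname or "").lower() not in LOCAL_HOSTS:
            reasons.add("proxy-probe")
    # Shellshock attempts carry a bash function definition "() {" in a request field.
    if any("() {" in (field or "") for field in (request, referer, agent)):
        reasons.add("shellshock-pattern")
    return client, reasons

def suspicious_sources(lines):
    found = {}
    for line in lines:
        client, reasons = classify(line)
        if reasons:
            found.setdefault(client, set()).update(reasons)
    return found

def iptables_rules(found):
    """Emit DROP rules only for values that parse as IPv4 addresses."""
    rules = []
    for client in sorted(found):
        try:
            ipaddress.IPv4Address(client)
        except ValueError:
            continue  # logged hostname or IPv6 address: handle separately
        rules.append(f"iptables -I INPUT -s {client} -j DROP")
    return rules

# Constructed sample lines (documentation-range IPs), not taken from the asker's log.
SAMPLE = [
    '203.0.113.7 - - [15/May/2015:10:48:42 +0000] "GET http://myinfo.any-request-allowed.com/?a=tt4mq2&b=e33bu HTTP/1.0" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [15/May/2015:10:49:01 +0000] "GET /cgi-bin/status HTTP/1.1" 404 210 "-" "() { :; }; echo constructed-sample"',
    '192.0.2.10 - - [15/May/2015:10:50:00 +0000] "GET http://www.example.org/ HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]
if __name__ == "__main__":
    print("\n".join(iptables_rules(suspicious_sources(SAMPLE))))
```

A 200 status on an absolute-URI request does not by itself show the request was proxied, since Apache can answer it from the default virtual host; compare the logged response size against your own front page before concluding anything.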