asked on

uknown hacking atemps

I can see a lot strange activities in my website (CentOS6.0-64 Minimal for VS) Apache log like this one
http://myinfo.any-request-allowed.com/?a=tt4mq2&b=e33bu

if i try to navigate to it this is what I see below.
can anyone tell me what are they after?

d7aa4ad6f7a7fbadb117f6ef8a20d184||force-no-vary=>|downgrade-1_0=>|HTTP_HOST=>myinfo.any-request-allowed.com|HTTP_X_REAL_IP=>108.7.234.40|HTTP_CONNECTION=>close|HTTP_USER_AGENT=>Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0|HTTP_ACCEPT=>text/html,application/xhtml+xml,application/xml;q0.9,*/*;q0.8|HTTP_ACCEPT_LANGUAGE=>en-US,en;q0.5|HTTP_ACCEPT_ENCODING=>gzip, deflate|PATH=>/usr/local/bin:/usr/bin:/bin|SERVER_SIGNATURE=>|SERVER_SOFTWARE=>Apache|SERVER_NAME=>myinfo.any-request-allowed.com|SERVER_PORT=>80|REMOTE_ADDR=>108.7.234.40|DOCUMENT_ROOT=>/|SERVER_ADMIN=>[no address given]|SCRIPT_FILENAME=>/|REMOTE_PORT=>37295|GATEWAY_INTERFACE=>|SERVER_PROTOCOL=>HTTP/1.0|REQUEST_METHOD=>GET|QUERY_STRING=>|REQUEST_URI=>/|SCRIPT_NAME=>/|REQUEST_TIME=>1431686922|DOCUMENT_URI=>/|USER=>|HOME=>||||||

Zephyr ICT

Likely it's a already compromised host doing some kind of port/vulnerability scanning on your host... What response does your webserver give on these requests? If it's 404 then you're probably ok...

I'd block this host in iptables to be on the safe side though.

gheist

somebody dumped your cgi environment using shellshock vulnerability. you must update sometimes

leop1212

ASKER

what do I have to update ? what other action do you recomend

ASKER CERTIFIED SOLUTION

gheist

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial