suexec违反政策:这些家伙在做什么?
suexec违反政策:这些家伙在做什么?
提问于 2011-11-21 18:11:35
刚刚开始负责一个新客户的网站。操作系统是Linux。他们在文档根目录下有一个cgi-bin目录。
我查看了我的error.log,找出了一个脚本的问题,并发现了一些试图访问使用dis的Perl脚本的尝试。我已经删除了整个cgi目录。
问题:
我在哪里可以找到Linux上的suexec日志?它不在/var/log/httpd/suexec_log中。
如果权限设置正确,攻击者如何获得cgi目录列表?
现在cgi已经被移除了,对进一步的行动有什么想法吗?
[Mon Nov 21 01:15:08 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 01:15:08 2011] [error] [client 66.249.68.193] Premature end of script headers: excel.pl
[Mon Nov 21 01:32:30 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 01:32:30 2011] [error] [client 66.249.68.193] Premature end of script headers: forward.pl
[Mon Nov 21 01:49:52 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 01:49:52 2011] [error] [client 66.249.68.193] Premature end of script headers: harvest.pl
[Mon Nov 21 01:58:27 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 01:58:27 2011] [error] [client 66.249.68.193] Premature end of script headers: who.pl
[Mon Nov 21 02:07:14 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 02:07:14 2011] [error] [client 66.249.68.193] Premature end of script headers: thousandwords.pl
[Mon Nov 21 02:17:21 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 02:17:21 2011] [error] [client 66.249.68.193] Premature end of script headers: news.pl
[Mon Nov 21 02:41:58 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 02:41:58 2011] [error] [client 66.249.68.193] Premature end of script headers: environment.pl
[Mon Nov 21 02:52:14 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 02:52:14 2011] [error] [client 66.249.68.193] Premature end of script headers: xpdf.pl
[Mon Nov 21 02:59:20 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 02:59:20 2011] [error] [client 66.249.68.193] Premature end of script headers: mail.pl
[Mon Nov 21 02:59:47 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 02:59:47 2011] [error] [client 66.249.68.193] Premature end of script headers: score.pl
[Mon Nov 21 03:16:42 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 03:16:42 2011] [error] [client 66.249.68.193] Premature end of script headers: pdfextract.pl
[Mon Nov 21 03:16:54 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 03:16:54 2011] [error] [client 66.249.68.193] Premature end of script headers: surveysays.pl
[Mon Nov 21 03:26:22 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 03:26:22 2011] [error] [client 66.249.68.193] Premature end of script headers: surveycookie.pl
[Mon Nov 21 03:51:26 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 03:51:26 2011] [error] [client 66.249.68.193] Premature end of script headers: search.cgi
[Mon Nov 21 04:08:48 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 04:08:48 2011] [error] [client 66.249.68.193] Premature end of script headers: shuffler.pl
[Mon Nov 21 06:37:34 2011] [error] [client 66.249.68.193] suexec policy violation: see suexec log for more details
[Mon Nov 21 06:37:34 2011] [error] [client 66.249.68.193] Premature end of script headers: tickerBN.pl
[Mon Nov 21 06:56:58 2011] [error] [client 66.249.68.193] suexec failure: could not open log file
[Mon Nov 21 06:56:58 2011] [error] [client 66.249.68.193] fopen: Permission denied
[Mon Nov 21 06:56:58 2011] [error] [client 66.249.68.193] Premature end of script headers: weatherFind.pl
[Mon Nov 21 08:14:37 2011] [error] [client 66.249.68.193] suexec failure: could not open log file
[Mon Nov 21 08:14:37 2011] [error] [client 66.249.68.193] fopen: Permission denied
[Mon Nov 21 08:14:37 2011] [error] [client 66.249.68.193] Premature end of script hea回答 1
Server Fault用户
发布于 2011-11-21 22:13:27
Linux的味道是什么?尝试/var/ log /apache2/suexec.log,但看起来suexec (Apache)没有写入日志文件的权限。似乎是个寻找易受攻击脚本的机器人。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/333320
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号